Biblio

CP-ABE (ciphertext-policy attribute-based encryption) is a promising encryption scheme. In this paper, a highly expressive revocable scheme based on the key encryption keys (KEK) tree is proposed. In this method, the cloud server realizes the cancellation of attribute-level users and effectively reduces the computational burden of the data owner and attribute authority. This scheme embeds a unique random value associated with the user in the attribute group keys. The attribute group keys of each user are different, and it is impossible to initiate a collusion attack. Computing outsourcing makes most of the decryption work done by the cloud server, and the data user only need to perform an exponential operation; in terms of security, the security proof is completed under the standard model based on simple assumptions. Under the premise of ensuring security, the scheme in this paper has the functions of revocation and traceability, and the speed of decryption calculation is also improved.

Cyberattacks on cyber supply chain (CSC) systems and the cascading impacts have brought many challenges and different threat levels with unpredictable consequences. The embedded networks nodes have various loopholes that could be exploited by the threat actors leading to various attacks, risks, and the threat of cascading attacks on the various systems. Key factors such as lack of common ontology vocabulary and semantic interoperability of cyberattack information, inadequate conceptualized ontology learning and hierarchical approach to representing the relationships in the CSC security domain has led to explicit knowledge representation. This paper explores cyberattack ontology learning to describe security concepts, properties and the relationships required to model security goal. Cyberattack ontology provides a semantic mapping between different organizational and vendor security goals has been inherently challenging. The contributions of this paper are threefold. First, we consider CSC security modelling such as goal, actor, attack, TTP, and requirements using semantic rules for logical representation. Secondly, we model a cyberattack ontology for semantic mapping and knowledge representation. Finally, we discuss concepts for threat intelligence and knowledge reuse. The results show that the cyberattack ontology concepts could be used to improve CSC security.

In this paper, we propose a functional model for the implementation of devices that use the Internet of Things (IoT). In recent years, the number of devices connected to the internet per person has increased from 0.08 in 2003 to a total of 6.58 in 2020, suggesting an increase of 8,225% in 7 years. The proposal includes a functional IoT model of a cybersecurity architecture by including components to ensure compliance with the proposed controls within a cybersecurity framework to detect cyber threats in IoT-based wearable devices. The proposal focuses on reducing the number of vulnerabilities present in IoT devices since, on average, 57% of these devices are vulnerable to attacks. The model has a 3-layer structure: business, applications, and technology, where components such as policies, services and nodes are described accordingly. The validation was done through a simulated environment of a system for the control and monitoring of pregnant women using wearable devices. The results show reductions of the probability index and the impact of risks by 14.95% and 6.81% respectively.

Data exfiltration is of increasing concern throughout the world. The number of incidents and capabilities of data exfiltration attacks are growing at an unprecedented rate. However, such attack vectors have not been deeply explored in the literature. This paper aims to address this gap by implementing a data exfiltration methodology, detailing some data exfiltration methods. Groups of exfiltration methods are incorporated into a program that can act as a testbed for owners of any network that stores sensitive data. The implemented methods are tested against the well-known network intrusion detection system Snort, where all of them have been successfully evaded detection by its community rule sets. Thus, in this paper, we have developed new countermeasures to prevent and detect data exfiltration attempts using these methods.

With almost every new vehicle being connected, the importance of vehicle data is growing rapidly. Many mobility applications rely on the fusion of data coming from heterogeneous data sources, like vehicle and "smart-city" data or process data generated by systems out of their control. This external data determines much about the behaviour of the relying applications: it impacts the reliability, security and overall quality of the application's input data and ultimately of the application itself. Hence, knowledge about the provenance of that data is a critical component in any data-driven system. The secure traceability of the data handling along the entire processing chain, which passes through various distinct systems, is critical for the detection and avoidance of misuse and manipulation. In this paper, we introduce a mechanism for establishing secure data provenance in real time, demonstrating an exemplary use-case based on a machine learning model that detects dangerous driving situations. We show with our approach based on W3C decentralized identity standards that data provenance in closed data systems can be effectively achieved using technical standards designed for an open data approach.

CAPTCHA or Completely Automated Public Turing test to Tell Computers and Humans Apart is a technique to distinguish between humans and computers by generating and evaluating tests that can be passed by humans but not computer bots. However, captchas are not foolproof, and they can be bypassed which raises security concerns. Hence, sites over the internet remain open to such vulnerabilities. This research paper identifies the vulnerabilities found in some of the commonly used captcha schemes by cracking them using Deep Learning techniques. It also aims to provide solutions to safeguard against these vulnerabilities and provides recommendations for the generation of secure captchas.

One of the attacks in the RPL protocol is the Clone ID attack, that the attacker clones the node's ID in the network. In this research, a Clone ID detection system is designed for the Internet of Things (IoT), implemented in Contiki operating system, and evaluated using the Cooja emulator. Our evaluation shows that the proposed method has desirable performance in terms of energy consumption overhead, true positive rate, and detection speed. The overhead cost of the proposed method is low enough that it can be deployed in limited-resource nodes. The proposed method in each node has two phases, which are the steps of gathering information and attack detection. In the proposed scheme, each node detects this type of attack using control packets received from its neighbors and their information such as IP, rank, Path ETX, and RSSI, as well as the use of a routing table. The design of this system will contribute to the security of the IoT network.

Fog computing extends cloud resources to the edge of the network, thus enabling network providers to support real-time applications at low latencies. These applications further demand high security against malicious attacks that target distributed fog servers. One effective defense mechanism here against cyber attacks is the use of honeypots. The latter acts as a potential target for attackers by diverting malicious traffic away from the servers that are dedicated to legitimate users. However, one main limitation of honeypots is the lack of real traffic and network activities. Therefore, it is important to implement a solution that simulates the behavior of the real system to lure attackers without the risk of being exposed. Hence this paper proposes a practical approach to generate network traffic by introducing decoy virtual network functions (VNF) embedded on fog servers, which make the network traffic on honeypots resemble a legitimate, vulnerable fog system to attract cyber attackers. The use of virtualization allows for robust scalability and modification of network functions based on incoming attacks, without the need for dedicated hardware. Moreover, deep learning is leveraged here to build fingerprints for each real VNF, which is subsequently used to support its decoy counterpart against active probes. The proposed framework is evaluated based on CPU utilization, memory usage, disk input/output access, and network latency.

This paper proposes a novel model to detect Deep-Fakes, which are hyper-realistic fake videos generated by advanced AI algorithms involving facial superimposition. With a growing number of DeepFakes involving prominent political figures that hold a lot of social capital, their misuse can lead to drastic repercussions. These videos can not only be used to circulate false information causing harm to reputations of individuals, companies and countries, but also has the potential to cause civil unrest through mass hysteria. Hence it is of utmost importance to detect these DeepFakes and promptly curb their spread. We therefore propose a CNN-based model that learns inherently distinct patterns that change between a DeepFake and a real video. These distinct features include pixel distortion, inconsistencies with facial superimposition, skin colour differences, blurring and other visual artifacts. The proposed model has trained a CNN (Convolutional Neural Network), to effectively distinguish DeepFake videos using a frame-based approach based on aforementioned distinct features. Herein, the proposed work demonstrates the viability of our model in effectively identifying Deepfake faces in a given video source, so as to aid security applications employed by social-media platforms in credibly tackling the ever growing threat of Deepfakes, by effectively gauging the authenticity of videos, so that they may be flagged or ousted before they can cause irreparable harm.

In recent years, the advent of deep learning-based techniques and the significant reduction in the cost of computation resulted in the feasibility of creating realistic videos of human faces, commonly known as DeepFakes. The availability of open-source tools to create DeepFakes poses as a threat to the trustworthiness of the online media. In this work, we develop an open-source online platform, known as DeepFake-o-meter, that integrates state-of-the-art DeepFake detection methods and provide a convenient interface for the users. We describe the design and function of DeepFake-o-meter in this work.

In this work an overview of basic approaches to choosing protective measures for automated process control systems is done. The aim of the research was to develop a method for choosing protection measures for information security at every APCs level using set theory within analysis of basic sets of protection measures. In the framework of the research relevant attacks on industrial infrastructure are considered, an algorithm of choosing APCs protective measures is constructed, and it is suggested that it is required to use protective measures for every system level in accordance with an individual assessment of data protection class at the corresponding level. The authors concluded that it is necessary to exclude from consideration “specification of an adapted basic set” of the algorithm for choosing APCs protection measures in case the adapted basic set of APCs protective measures provides blocking all security threats at the considered system level. The approach to choosing protection measures based on building Euler-Venn diagrams is suggested. The results of the research are recommended to be used when modeling information security threats and developing requirements for APCs information protection means.

With the rise of the so-called Adversarial Attacks, there is an increased concern on model security. In this paper we present two different contributions: novel measures of robustness (based on adversarial attacks) and a novel adversarial attack. The key idea behind these metrics is to obtain a measure that could compare different architectures, with independence of how the input is preprocessed (robustness against different input sizes and value ranges). To do so, a novel adversarial attack is presented, performing a delayed elastic-net adversarial attack (constraints are only used whenever a successful adversarial attack is obtained). Experimental results show that our approach obtains state-of-the-art adversarial samples, in terms of minimal perturbation distance. Finally, a benchmark of ImageNet pretrained models is used to conduct experiments aiming to shed some light about which model should be selected whenever security is a role factor.

Recently, there has been significant enthusiasms in exploiting physical (PHY-) layer characteristics for secure wireless communication. However, most existing PHY-layer security paradigms are information theoretical methodologies, which are infeasible to real and practical systems. In this paper, we propose a weighted fractional Fourier transform (WFRFT) pre-coding scheme to enhance the security of wireless transmissions against eavesdropping. By leveraging the concept of WFRFT, the proposed scheme can easily change the characteristics of the underlying radio signals to complement and secure upper-layer cryptographic protocols. We demonstrate a running prototype based on the LTE-framework. First, the compatibility between the WFRFT pre-coding scheme and the conversational LTE architecture is presented. Then, the security mechanism of the WFRFT pre-coding scheme is demonstrated. Experimental results validate the practicability and security performance superiority of the proposed scheme.

Modern day grid operation requires multiple interlinked applications and many automated processes at control center for monitoring and operation of grid. Information technology integrated with operational technology plays a critical role in grid operation. Computing resource requirements of these software applications varies widely and includes high processing applications, high Input/Output (I/O) sensitive applications and applications with low resource requirements. Present day grid operation control center uses various applications for load despatch schedule management, various real-time analytics & optimization applications, post despatch analysis and reporting applications etc. These applications are integrated with Operational Technology (OT) like Data acquisition system / Energy management system (SCADA/EMS), Wide Area Measurement System (WAMS) etc. This paper discusses various design considerations and implementation of converged infrastructure through virtualization technology by consolidation of servers and storages using multi-cluster approach to meet high availability requirement of the applications and achieve desired objectives of grid control center of north eastern region in India. The process involves weighing benefits of different architecture solution, grouping of application hosts, making multiple clusters with reliability and security considerations, and designing suitable infrastructure to meet all end objectives. Reliability, enhanced resource utilization, economic factors, storage and physical node selection, integration issues with OT systems and optimization of cost are the prime design considerations. Modalities adopted to minimize downtime of critical systems for grid operation during migration from the existing infrastructure and integration with OT systems of North Eastern Regional Load Despatch Center are also elaborated in this paper.

Conventional Security Systems are improving with the advancement of Internet of Things (IoT) based technology. For better security, in addition to the currently available technology, surveillance systems are used. In this research, a Smart Surveillance System with machine-learning capabilities is designed to detect security breaches and it will resolve safety concerns. Machine learning algorithms are implemented to detect intruders as well as suspicious activities. Enery efficiency is the major concern for constant monitoring systems. As a result, the designed system focuses on power consumption by calibrating the system so that it can work on bare minimum power and additionally provides the required output. Fire sensor has also been integrated to detect fire for safety purposes. By adding upon the security infrastructure, next-generation smart surveillance systems can be created for a safe future. The developed system contains the necessary tools to recognize intruders by face recognition. Also using the ambient sensors (PIR sensor, fire detecting sensor), a secure environment is provided during working and non-working hours. The system shows high accuracy in human & flame detection. A more reliable security system can be created with the further development of this research.

In a Leading field of Information Technology moreover make information Security a unified piece of it. To manage security, Authentication assumes a significant part. Biometric is the physical unique identification as well as Authentication for third party. We are proposed the Security model for preventing many attacks so we are used Inner most layer as a 3DES (Triple Encryption standard) Cryptography algorithm that is providing 3-key protection as 64-bit And the outer most layer used the MD5 (Message Digest) Algorithm. i. e. Providing 128 – bit protection. As well as we are using Fingerprint Identification as a physical Security that used in third party remote integrity auditing, and remote data integrity auditing is proposed to ensure the uprightness of the information put away in the cloud. Data Storage of cloud services has expanded paces of acknowledgment because of their adaptability and the worry of the security and privacy levels. The large number of integrity and security issues that arise depends on the difference between the customer and the service provider in the sense of an external auditor. The remote data integrity auditing is at this point prepared to be viably executed. In the meantime, the proposed scheme is depends on identity-based cryptography, which works on the convoluted testament the executives. The safety investigation and the exhibition assessment show that the planned property is safe and productive.

Network Centric Warfare (NCW) is a design that supports information excellence for the concept of military operations. Network Centric Warfare is currently being developed as the basis for the operating concept, namely multidimensional operations. TNI operations do not rely on conventional warfare. TNI operations must work closely with the TNI Puspen team, territorial intelligence, TNI cyber team, and support task force. Sending digital images sent online requires better techniques to maintain confidentiality. The purpose of this research is to design digital image security with AES cryptography and discrete wavelet transform method on interoperability and to utilize and study discrete wavelet transform method and AES algorithm on interoperability for digital image security. The AES cryptography technique in this study is used to protect and maintain the confidentiality of the message while the Discrete Wavelet Transform in this study is used to reduce noise by applying a discrete wavelet transform, which consists of three main steps, namely: image decomposition, thresholding process and image reconstruction. The result of this research is that Digital Image Security to support TNI interoperability has been produced using the C \# programming language framework. NET and Xampp to support application development. Users can send data in the form of images. Discrete Wavelet Transformation in this study is used to find the lowest value against the threshold so that the resulting level of security is high. Testing using the AESS algorithm to encrypt and decrypt image files using key size and block size.

The work shows the RFID cards as e-document rather than a paper passport with embedded chip as the e-passport. This type of Technological advancement creates benefits like the information can be stored electronically. The aim behind this is to reduce or stop the uses of illegal document. This will assure the security and prevent illegal entry in particular country by fake documents it will also maintain the privacy of the owner. Here, this research work has proposed an e-file verification device by means of RFID. Henceforth, this research work attempts to develop a new generation for file verification by decreasing the human effort. The most important idea of this examine is to make it feasible to get admission to the info of proprietor of the file the usage of RFID generation. For this the man or woman is issued RFID card. This card incorporates circuit which is used to store procedure information via way of modulating and demodulating the radio frequency sign transmitted. Therefore, the facts saved in this card are referred to the file element of the man or woman. With the help of the hardware of the proposed research work RFID Based E-Document verification provides a tag to the holder which produces waves of electromagnetic signal and then access the data. The purpose is to make the verification of document easy, secured and with less human intervention. In the proposed work, the comparative analysis is done using RFID technology in which 100 documents are verified in 500 seconds as compared to manual work done in 3000 seconds proves the system to be 6 times more efficient as compared to conventional method.

In recent years, a variety of information security incidents emerge in endlessly, with different types. Security vulnerability is an important factor leading to the security risk of information system, and is the most common and urgent security risk in information system. The research goal of this paper is to seamlessly integrate the security testing process and the integration process of software construction, deployment, operation and maintenance. Through the management platform, the security testing results are uniformly managed and displayed in reports, and the project management system is introduced to develop, regress and manage the closed-loop security vulnerabilities. Before the security vulnerabilities cause irreparable damage to the information system, the security vulnerabilities are found and analyzed Full vulnerability, the formation of security vulnerability solutions to minimize the threat of security vulnerabilities to the information system.

In order to solve the problem of data analysis and application caused by the inefficient integration of hardware and software compatibility of hardware in the Internet of things, this paper proposes and designs a C/S framework communication system based on task driven and multi-user authority. By redefining the relationship between users and hardware and adopting the matching framework for different modules, the system realizes the high concurrent and complex data efficient collaborative processing between software and hardware. Finally, by testing and verifying the functions of the system, the communication system effectively realizes the functions of data processing between software and hardware, and achieves the expected results.

The goal of the edge computing framework is to solve the problem of management and control in the access of massive 5G terminals in the power Internet of things. Firstly, this paper analyzes the needs of IOT agent in 5G ubiquitous connection, equipment management and control, intelligent computing and other aspects. In order to meet with these needs, paper develops the functions and processes of the edge computing framework, including unified access of heterogeneous devices, protocol adaptation, edge computing, cloud edge collaboration, security control and so on. Finally, the performance of edge computing framework is verified by the pressure test of 5G wireless ubiquitous connection.

This research work consists in to design a system of occupancy simulation in smart homes based on IoT, in order to create configurations within a home that make look like the daily behavior of home inhabitants. Due to the high rate of burglary in uninhabited places, reaching an 9% in average in 2019 in the Chilean case, technologies have been involved with greater emphasis on improving security systems, where the implementation of the Internet of Things will allow rapid action against the intruder detection in those places. The proposed IoT system is based on a motion sensor, actuators as relays and lights, Arduino platform to control system, and a Amazon Echo virtual assistant to interface with inhabitants. The main contribution of this prototype security system is the integration of different IoT (Adafruit, IFTTT) and control platforms (Arduino uno and NodeMCU), virtual assistant (Alexa) and actuators, which has features that can be replicated in larger processes and with a larger number of devices. The results demonstrate that security system create an environment occupied by owners without to be inside home, through sensors and actuators.

In Forward Error Correction (FEC), redundant bits are added for detecting and correcting bit error which increases the bandwidth. To solve this issue we combined FEC method with higher order M-ary modulation to provide a bandwidth efficient system. An input bit stream is mapped to a bi-orthogonal code on different levels based on the code rates (4/16, 3/16, and 2/16) used. The jamming attack on wireless networks are mitigated by Chaotic Frequency Hopping (CFH) spread spectrum technique. In this paper, to achieve better data rate and to transmit the data in a secured manner we combined FEC and CFH technique, represented as Code and Chaotic Frequency Modulation (CCFM). In addition, two rate adaptation algorithms namely Static retransmission rate ARF (SARF) and Fast rate reduction ARF (FARF) are employed in CFH technique to dynamically adapt the code rate based on channel condition to reduce a packet retransmission. Symbol Error Rate (SER) performance of the system is analyzed for different code rate with the conventional OFDM in the presence AWGN and Rayleigh channel and the reliability of CFH method is tested under different jammer.

In order to improve the accuracy and efficiency of transmission line safety early warning, a transmission line safety early warning system based on big data variable analysis is proposed. Firstly, the overall architecture of the system is designed under the B / S architecture. Secondly, in the hardware part of the system, the security data real-time monitoring module, data transmission module and security warning module are designed to meet the functional requirements of the system. Finally, in the system software design part, the big data variable analysis method is used to calculate the hidden danger of transmission line safety, so as to improve the effectiveness of transmission safety early warning. The experimental results show that, compared with the traditional security early warning system, the early warning accuracy and efficiency of the designed system are significantly improved, which can ensure the safe operation of the transmission line.

A Visible Light Communication (VLC) is a fast growing technology became ubiquitous in the Optical wireless communication domain. It has the benefits of high security, high bandwidth, less power consumption, free from Electro Magnetic radiation hazards. VLC can help to address the looming spectrum crunch problem with secure communication in an unlimited spectrum. VLC provides extensive wireless connectivity with larger data densities than Wi-Fi along with added security features that annihilate unwanted external network invasion. The problem such as energy consumption and infrastructure complexity has been reduced by integrating the illumination and data services. The objective is to provide fast data communication with uninterrupted network connectivity and high accuracy to the user. In this paper, a proposed visible light communication system for transmitting text information using amplitude shift keying modulation (ASK) has been presented. Testing of transmitter and receiver block based on frequency, power and distance has been analyzed. The results show that the receiver is capable of receiving input data with minimum length under direct communication with the transmitter.