Biblio

This paper continues analysis of approaches of IT risk assessment and management in modern IT management frameworks. Building on systematicity principles and the review of concepts of risk and methods of risk analysis in the frameworks, we discuss applicability of the methods for business decision-making in the real world and propose ways to their improvement.

The need for cyber resilience is increasingly important in our technology-dependent society, where computing systems, devices and data will continue to be the target of cyber attackers. Hence, we propose a conceptual framework called ‘Human-in-the-Loop Explainable-AI-Enabled Vulnerability Detection, Investigation, and Mitigation’ (HXAI-VDIM). Specifically, instead of resolving complex scenario of security vulnerabilities as an output of an AI/ML model, we integrate the security analyst or forensic investigator into the man-machine loop and leverage explainable AI (XAI) to combine both AI and Intelligence Assistant (IA) to amplify human intelligence in both proactive and reactive processes. Our goal is that HXAI-VDIM integrates human and machine in an interactive and iterative loop with security visualization that utilizes human intelligence to guide the XAI-enabled system and generate refined solutions.

With tons of efforts spent on its mitigation, Cross-site scripting (XSS) remains one of the most prevalent security threats on the internet. Decades of exploitation and remediation demonstrated that code inspection and testing alone does not eliminate XSS vulnerabilities in complex web applications with a high degree of confidence. This paper introduces Google's secure-by-design engineering paradigm that effectively prevents DOM-based XSS vulnerabilities in large-scale web development. Our approach, named API hardening, enforces a series of company-wide secure coding practices. We provide a set of secure APIs to replace native DOM APIs that are prone to XSS vulnerabilities. Through a combination of type contracts and appropriate validation and escaping, the secure APIs ensure that applications based thereon are free of XSS vulnerabilities. We deploy a simple yet capable compile-time checker to guarantee that developers exclusively use our hardened APIs to interact with the DOM. We make various of efforts to scale this approach to tens of thousands of engineers without significant productivity impact. By offering rigorous tooling and consultant support, we help developers adopt the secure coding practices as seamlessly as possible. We present empirical results showing how API hardening has helped reduce the occurrences of XSS vulnerabilities in Google's enormous code base over the course of two-year deployment.

An image hiding algorithm based on bit plane and two-dimensional code is proposed in this paper. The main characteristic of information hiding is to use the information redundant data of the existing image, to embed the information into these redundant data by the information hiding algorithm, or to partially replace redundant information with information to be embedded to achieve a visual invisible purpose. We first analyze the color index usage frequency of the block index matrix in the algorithm, and calculate the distance between the color of the block index matrix with only one color and the other color in the palette that is closest to the color. Then, the QR model and the compression model are applied to improve the efficiency. We compare the proposed model with the stateof-the-art models.

This research presented a digital watermarking scheme using multi-level authentication for protecting QR code images in order to provide security and authenticity. This research focuses on the improved digital watermarking scheme for QR code security that can protect the confidentiality of the information stored in QR code images from the public. Information modification, malicious attack, and copyright violation may occur due to weak security and disclosure pattern of QR code. Digital watermarking can be a solution to reduce QR code imitation and increase QR code security and authenticity. The objectives of this research are to provide QR code image authentication and security, tamper localization, and recovery scheme on QR code images. This research proposed digital watermarking for QR code images based on multi-level authentication with Least Significant Bit (LSB) and SHA-256 hash function. The embedding and extracting watermark utilized region of Interest (ROI) and Region of Non-Interest (RONI) in the spatial domain for improving the depth and width of QR code application in the anti-counterfeiting field. The experiments tested the reversibility and robustness of the proposed scheme after a tempered watermarked QR code image. The experimental results show that the proposed scheme provides multi-level security, withstands tampered attacks and it provided high imperceptibility of QR code image.

The Internet of Vehicles (IoV) is a network that considers vehicles as intelligent machines. They interact and communicate with each other to improve the performance and safety of traffic. IoV solves certain problems, but it has some issues such as response time, which prompted researchers to propose the integration of Fog Computing into vehicular networks. In Vehicular Fog Computing (VFC), the services are provided at the edge of the network to increase data rate and reduce response time. However, in order to satisfy network users, the security and privacy of sensitive data should be guaranteed. Using pseudonyms instead of real identities is one of the techniques considered to preserve the privacy of users, however, this can push malicious vehicles to exploit such a process and launch the Sybil attack by creating several pseudonyms in order to perform various malicious activities. In this paper, we describe the Sybil attack effects on VFC networks and compare them to those in conventional networks, as well as identify the various existing methods for detecting this attack and determine if they are applicable to VFC networks.

Modbus is a popular industrial communication protocol supported by most automation devices. Despite its popularity, it is not a secure protocol because when it was developed, security was not a concern due to closed environments of industrial control systems. With the convergence of information technology and operational technology in recent years, the security of industrial control systems has become a serious concern. Due to the high availability requirements, it is not practical or feasible to do security experimentation of production systems. We present an implementation of cyber-physical systems with Modbus/TCP communication for real-time security testing. The proposed architecture consists of a process simulator, an IEC 61131-3 compliant programmable logic controller, and a human-machine interface, all communicating via Modbus/TCP protocol. We use Simulink as the process simulator. It does not have built-in support for the Modbus protocol. A contribution of the proposed work is to extend the functionality of Simulink with a custom block to enable Modbus communication. We use two case studies to demonstrate the utility of the cyber-physical system architecture. We can model complex industrial processes with this architecture, can launch cyber-attacks, and develop protection mechanisms.

The Internet obviously has a major impact on the global economy and human life every day. This boundless use pushes the attack programmers to attack the data frameworks on the Internet. Web attacks influence the reliability of the Internet and its administrations. These attacks are classified as User-to-Root (U2R), Remote-to-Local (R2L), Denial-of-Service (DoS) and Probing (Probe). Subsequently, making sure about web framework security and protecting data are pivotal. The conventional layers of safeguards like antivirus scanners, firewalls and proxies, which are applied to treat the security weaknesses are insufficient. So, Intrusion Detection Systems (IDSs) are utilized to screen PC and data frameworks for security shortcomings. IDS adds more effectiveness in securing networks against attacks. This paper presents an IDS model based on Deep Learning (DL) with Convolutional Neural Network (CNN) hypothesis. The model has been evaluated on the NSLKDD dataset. It has been trained by Kddtrain+ and tested twice, once using kddtrain+ and the other using kddtest+. The achieved test accuracies are 99.7% and 98.43% with 0.002 and 0.02 wrong alert rates for the two test scenarios, respectively.

The digitalization of safety-critical railroad infrastructure enables new types of attacks. This increases the need to integrate Information Technology (IT) security measures into railroad systems. For that purpose, we rely on a security architecture for a railway object controller which controls field elements that we developed in previous work. Our architecture enables the integration of security mechanisms into a safety-certified railway system. In this paper, we demonstrate the practical feasibility of our architecture by using a Trusted Platform Module (TPM) 2.0 and a Multiple Independent Levels of Safety and Security (MILS) Separation Kernel (SK) for our implementation. Our evaluation includes a test bed and shows how certification and homologation can be achieved.

Cloud computing is a modern computing mode based on network, which is widely participated by the public, and provides virtualized dynamic computing resources in the form of services. Cloud computing builds an effective communication platform with the help of computer internet, so that users can get the same computing resources even if they are in different areas. With its unique technical characteristics and advantages, cloud computing has been deployed to practical applications more and more, and the consequent security problems of cloud computing have become increasingly prominent. In addition to the original cloud computing environment, this paper proposes to build a secure cloud with cloud technology, deploy security agents in the business cloud, connect the business cloud, security cloud and security agents through SDN (software defined network) technology, and dynamically divide the business cloud into logically isolated business areas through security agents. Therefore, security is separated from the specific implementation technology and deployment scheme of business cloud, and an information security protection scheme under cloud computing environment is proposed according to the characteristics of various factors, so as to enhance the security of network information.

Blockchain transactions are signed by private keys. Secure key storage and tamper resistant computing, are critical requirements for deployments of trusted infrastructure. In this paper we identify some threats against blockchain wallets, and we introduce a set of physical and logical countermeasures in order to defeat them. We introduce open software and hardware architectures based on secure elements, which enable detection of cloned device and corrupted software. These technologies are based on resistant computing (javacard), smartcard anti cloning, smartcard self content attestation, applicative firewall, bare metal architecture, remote attestation, dynamic PUF (Physical Unclonable Function), and programming token as root of trust.

In recent years, insider threat incidents and losses of companies or organizations are on the rise, and internal network security is facing great challenges. Traditional intrusion detection methods cannot identify malicious behaviors of insiders. As an effective method, insider threat detection technology has been widely concerned and studied. In this paper, we use the tree structure method to analyze user behavior, form feature sequences, and combine the Copula Based Outlier Detection (COPOD) method to detect the difference between feature sequences and identify abnormal users. We experimented on the insider threat dataset CERT-IT and compared it with common methods such as Isolation Forest.

This paper provides an overview of the security service controls that are applied in a big data processing (BDP) system to defend against cyber security attacks. We validate this approach by modeling attacks and effectiveness of security service controls in a sequence of states and transitions. This Finite State Machine (FSM) approach uses the probable effectiveness of security service controls, as defined in the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). The attacks used in the model are defined in the ATT&CK™ framework. Five different BDP security architecture configurations are considered, spanning from a low-cost default BDP configuration to a more expensive, industry supported layered security architecture. The analysis demonstrates the importance of a multi-layer approach to implementing security in BDP systems. With increasing interest in using BDP systems to analyze sensitive data sets, it is important to understand and justify BDP security architecture configurations with their significant costs. The output of the model demonstrates that over the run time, larger investment in security service controls results in significantly more uptime. There is a significant increase in uptime with a linear increase in security service control investment. We believe that these results support our recommended BDP security architecture. That is, a layered architecture with security service controls integrated into the user interface, boundary, central management of security policies, and applications that incorporate privacy preserving programs. These results enable making BDP systems operational for sensitive data accessed in a multi-tenant environment.

A main type of Mobile Ad hoc Networks (MANET) and essential infrastructure to provide a wide range of safety applications to passengers in vehicles (VANET) are established. VANETs are more popular today as they connect to a variety of invisible services. VANET protection is crucial as its potential use must not endanger the safety and privacy of its users. The safety of these VANETs is essential to safe and efficient safety systems and facilities and uncertainty continues and research in this field continues to grow rapidly. We will explain the characteristics and problems of VANETs in this paper. Also, all threats and attacks that affect integrity and authentication in VANETs will be defined. Description of researchers' work was consequently addressed as the table with the problems of the suggested method and objective.

With the development of communication technology, the disadvantages of traditional notification methods such as low efficiency gradually appear. With the introduction of WAP with WTLS security and its development and maintenance, more and more notification systems are using this technology. Through the analysis, design and implementation of notification system for large user groups, this paper studies how to collect and notify data without affecting the business system, and proposes a scheme of real-time data acquisition and filtering based on trigger. The middleware and application server implementation transaction management and database operation to separate CICS middleware technology based on research using UNIXC, Socket programming, SQL statements, SYBASE database technology, from the system requirements, business process, function structure, database and data structure, the input and output of the system, system testing the aspects such as design of practical significance to intelligent notification system for large user groups. Finally, the paper describes the test effect of the system in detail. 10 users send 1, 5, 10 and 20 strokes at the same time, and the completion time is 0.28, 1.09, 1.58 and 2.20 seconds, which proves that the system has practical significance.

Vehicular Ad hoc Networks commonly abbreviated as VANETs, are an important component of MANET. VANET refers to the group of vehicles that are interlinked to one another through wireless network. Along with technology, comes the threats. Like other wireless networks, VANETs also are vulnerable to various security threats. Security in VANETs is a major issue that attracted many researchers and academicians. One small security breach can cause a big damage in case of VANETs as in this case human lives are involved. Intrusion Detection Systems (IDS) are employed in VANETs in order to detect and identify any malicious activity in the network. The IDS works by analysing the network and detecting any intrusions tried or made in the network so that proper steps could be taken timely to prevent damage from such activities. This paper reviews Intrusion Detection systems, classification of IDS based on various factors and then the architecture of IDS. We then reviewed some of the recent and important intrusion detection research works and then compared them with one another.

The industry of telecommunications is being transformed towards 5G technology, because it has to deal with the emerging and existing use cases. Because, 5G wireless networks need rather large data rates and much higher coverage of the dense base station deployment with the bigger capacity, much better Quality of Service - QoS, and the need very low latency [1–3]. The provision of the needed services which are envisioned by 5G technologies need the new service models of deployment, networking architectures, processing technologies and storage to be defined. These technologies will cause the new problems for the cybersecurity of 5G systems and the security of their functionality. The developers and researchers working in this field make their best to secure 5G systems. The researchers showed that 5G systems have the security challenges. The researchers found the vulnerabilities in 5G systems which allow attackers to integrate malicious code into the system and make the different types of the illegitimate actions. MNmap, Battery drain attacks and MiTM can be successfully implemented on 5G. The paper makes the analysis of the existing cyber security problems in 5G technology. Based on the analysis, we suggest the novel Intrusion Detection System - IDS by means of the machine-learning algorithms. In the related papers the scientists offer to use NSL-KDD in order to train IDS. In our paper we offer to train IDS using the big datasets of DOS/DDOS attacks, besides of training using NSL-KDD. The research also offers the methodology of integration of the offered intrusion detection systems into an standard architecture of 5G. The paper also offers the pseudo code of the designed system.

At present, machine learning (ML) algorithms are essential components in designing the sophisticated intrusion detection system (IDS). They are building-blocks to enhance cyber threat detection and help in classification at host-level and network-level in a short period. The increasing global connectivity and advancements of network technologies have added unprecedented challenges and opportunities to network security. Malicious attacks impose a huge security threat and warrant scalable solutions to thwart large-scale attacks. These activities encourage researchers to address these imminent threats by analyzing a large volume of the dataset to tackle all possible ranges of attack. In this proposed method, we calculated the fitness value of each feature from the population by using a genetic algorithm (GA) and selected them according to the fitness value. The fitness values are presented in hierarchical order to show the effectiveness of problem decomposition. We implemented Support Vector Machine (SVM) to verify the consistency of the system outcome. The well-known NSL-knowledge discovery in databases (KDD) was used to measure the performance of the system. From the experiments, we achieved a notable classification accuracies using a SVM of the current state of the art intrusion detection.

Use of formal protocol description techniques and code generation can reduce bugs in network packet parsing code. However, such techniques are themselves complex, and don't see wide adoption in the protocol standards development community, where the focus is on consensus building and human-readable specifications. We explore the utility and effectiveness of new techniques for describing protocol data, specifically designed to integrate with the standards development process, and discuss how they can be used to generate code that is safer and more trustworthy, while maintaining correctness and performance.

In the context of the Industry 4.0 initiative, Cyber-Physical Production Systems (CPPS) or Cyber Manufacturing Systems (CMS) can be characterized as advanced networked mechatronic production systems gaining their added value by interaction with different systems using advanced communication technologies. Appropriate wired and wireless communication technologies and standards need to add timing in combination with security concepts to realize the potential improvements in the production process. One of these standards is IO-Link Wireless, which is used for sensor/actuator network operation. In this paper cryptographic performance and energy efficiency of an IO-Link Wireless Device are analyzed. The power consumption and the influence of the cryptographic operations on the trans-mission timing of the IO-Link Wireless protocol are exemplary measured employing a Phytec module based on a CC2650 system-on-chip (SoC) radio transceiver [2]. Confidentiality is considered in combination with the cryptographic performance as well as the energy efficiency. Different cryptographic algorithms are evaluated using the on chip hardware accelerator compared to a cryptographic software implementation.

Internet of Things (IoT) devices are ubiquitous, with web cameras, smart refrigerators, and digital assistants appearing in homes, offices, and public spaces. However, these devices are lacking in security measures due to their low time to market and insufficient funding for security research and development. In order to improve the security of IoTs, we have defined novel security metrics based on generic IoT characteristics. Furthermore, we have developed automation for experimentation with IoT devices that results to repeatable and reproducible calculations of security metrics within a realistic IoT testbed. Our results demonstrate that repeatable IoT security measurements are feasible with automation. They prove quantitatively intuitive hypotheses. For example, an large number of inbound / outbound network connections contributes to higher probability of compromise or measuring password strength leads to a robust estimation of IoT security.

Logic obfuscation has been proposed as a counter-measure against supply chain threats such as overproduction and IP piracy. However, the functional corruption it offers can be exploited by oracle-guided pruning attacks to recover the obfuscation key, forcing existing logic obfuscation methods to trivialize their output corruption which in turn leads to a diminished protection scope. In this paper, we address this quandary through an FSM obfuscation methodology that delivers obfuscation scope not only through external secrets but more importantly through inherent state transition patterns. We leverage a minimum-cut graph partitioning algorithm to divide the FSM diagram and implement the resulting partitions with distinct FF configurations, enabled by a novel synthesis methodology supporting reconfigurable FFs. The obfuscated FSM can be activated by invoking key values to dynamically switch the FF configuration at a small number of inter-partition transitions. Yet, the overall obfuscation scope comprises far more intra-partition transitions which are driven solely by the inherent transition sequences and thus reveal no key trace. We validate the security of the proposed obfuscation method against numerous functional and structural attacks. Experimental results confirm its delivery of extensive obfuscation scope at marginal overheads.

Polar codes have been shown to provide an effective mechanism for achieving physical-layer security over various wiretap channels. A majority of these schemes require channel state information (CSI) at the encoder for both intended receivers and eavesdroppers. In this paper, we consider a polar coding scheme for secrecy over a Gaussian wiretap channel when no CSI is available. We show that the availability of a shared keystream between friendly parties allows polar codes to be used for both secure and reliable communications, even when the eavesdropper knows a large fraction of the keystream. The scheme relies on a predetermined strategy for partitioning the bits to be encoded into a set of frozen bits and a set of information bits. The frozen bits are filled with bits from the keystream, and we evaluate the security gap when the cyclic redundancy check-aided successive cancellation list decoder is used at both receivers in the wiretap channel model.

Modern Intelligent Transport Systems (ITSs) are comprehensive applications that have to cope with a multitude of challenges while meeting strict service and security standards. A novel data-centric middleware that provides the foundation of such systems is presented in this paper. This middleware is designed for high scalability, fast data processing and multimodality. To achieve these goals, an innovative spatial annotation (SpatiaIJSON) is utilised. SpatialJSON allows the representation of geometry, topology and traffic information in one dataset. Data processing is designed in such a manner that any schema or ontology can be used to express information. Further, common concerns of ITSs are addressed, such as authenticity of messages. The core task, however, is to ensure a quick exchange of evaluated information between the individual traffic participants.

The emergence of the 5G network has boosted the advancements in the field of the internet of things (IoT) and edge/cloud computing. We present a novel architecture to detect fire in indoor and outdoor environments, dubbed as EAC-FD, an abbreviation of edge and cloud-based fire detection. Compared with existing frameworks, ours is lightweight, secure, cost-effective, and reliable. It utilizes a hybrid edge and cloud computing framework with Intel neural compute stick 2 (NCS2) accelerator is for inference in real-time with Raspberry Pi 3B as an edge device. Our fire detection model runs on the edge device while also capable of cloud computing for more robust analysis making it a secure system. We compare different versions of SSD-MobileNet architectures with ours suitable for low-end devices. The fire detection model shows a good balance between computational cost frames per second (FPS) and accuracy.