Biblio

Digitalisation of domains such as medical and railway utilising cloud and networking technologies such as 5G and forthcoming 6G systems presents additional security challenges. The establishment of the identity, integrity and provenance of devices, services and other functional components removed a number of attack vectors and addresses a number of so called zero-trust security requirements. The addition of trusted hardware, such as TPM, and related remote attestation integrated with the networking and cloud infrastructure will be necessary requirement.

A real or potential threat to various large and small security objects, which comes from both internal and external attackers, determines one or another activities to ensure internal and external security. These actions depend on the spheres of life of state and society, which are targeted by the security threats. These threats can be conveniently classified into political threats (or threats to the existing constitutional order), economic, military, informational, technogenic, environmental, corporate, and other threats. The article discusses a model of an information system, which main criterion is the system security based on the concept of risk. When considering the model, it was determined that it possess multi-criteria aspects. Therefore the establishing the quantitative and qualitative characteristics is a complex and dynamic task. The paper proposes to use the mathematical apparatus of the teletraffic theory in one of the elements of the protected system, namely, in the end-to-end security subsystem.

The pervasive presence of smart objects in almost every corner of our everyday life urges the security of such embedded systems to be the point of attention. Memory vulnerabilities in the embedded program code, such as buffer overflow, are the entry point for powerful attack paradigms such as Code-Reuse Attacks (CRAs), in which attackers corrupt systems’ execution flow and maliciously alter their behavior. Control-Flow Integrity (CFI) has been proven to be the most promising approach against such kinds of attacks, and in the literature, a wide range of flow monitors are proposed, both hardware-based and software-based. While the formers are hardly applicable as they impose design alteration of underlying hardware modules, on the contrary, software solutions are more flexible and also portable to the existing devices. Real-Time Operating Systems (RTOS) and their key role in application development for embedded systems is the main concern regarding the application of the CFI solutions.This paper discusses the still open challenges and issues regarding the implementation of control-flow integrity policies on operating systems for embedded systems, analyzing the solutions proposed so far in the literature, highlighting possible limits in terms of performance, applicability, and protection coverage, and proposing possible improvement directions.

The process of Big data storage has become challenging due to the expansion of extensive data; data providers will offer encrypted data and upload to Big data. However, the data exchange mechanism is unable to accommodate encrypted data. Particularly when a large number of users share the scalable data, the scalability becomes extremely limited. Using a contemporary privacy protection system to solve this issue and ensure the security of encrypted data, as well as partially homomorphic re-encryption and decryption (PHRED). This scheme has the flexibility to share data by ensuring user's privacy with partially trusted Big Data. It can access to strong unforgeable scheme it make the transmuted cipher text have public and private key verification combined identity based Augmented Homomorphic Re Encryption Decryption(AHRED) on paillier crypto System with Laplacian noise filter the performance of the data provider for privacy preserving big data.

The transmission and storage process for the power data in an intelligent grid has problems such as a single point of failure in the central node, low data credibility, and malicious manipulation or data theft. The characteristics of decentralization and tamper-proofing of blockchain and its distributed storage architecture can effectively solve malicious manipulation and the single point of failure. However, there are few safe and reliable data transmission methods for the significant number and various identities of users and the complex node types in the power blockchain. Thus, this paper proposes a collaborative control scheme between on-chain and off-chain power data based on the distributed oracle technology. By building a trusted on-chain transmission mechanism based on distributed oracles, the scheme solves the credibility problem of massive data transmission and interactive power data between smart contracts and off-chain physical devices safely and effectively. Analysis and discussion show that the proposed scheme can realize the collaborative control between on-chain and off-chain data efficiently, safely, and reliably.

This paper proposes a digital image compression-encryption scheme based on the theory of singular value decomposition, multiple chaos and Beta function, which uses SVD to compress the digital image and utilizes three way protections for encryption viz. logistic and Arnold map along with the beta function. The algorithm has three advantages: First, the compression scheme gives the freedom to a user so that one can select the desired compression level according to the application with the help of singular value. Second, it includes a confusion mechanism wherein the pixel positions of image are scrambled employing Cat Map. The pixel location is shuffled, resulting in a cipher text image that is safe for communication. Third the key is generated with the help of logistic map which is nonlinear and chaotic in nature therefore highly secured. Fourth the beta function used for encryption is symmetric in nature which means the order of its parameters does not change the outcome of the operation, meaning faithful reconstruction of an image. Thus, the algorithm is highly secured and also saving the storage space as well. The experimental results show that the algorithm has the advantages of faithful reconstruction with reasonable PSNR on different singular values.

This paper proposes an efficient face template protection system based on homomorphic encryption. By developing a message packing method suitable for the calculation of the squared Euclidean distance, the proposed system computes the squared Euclidean distance between facial features by a single homomorphic multiplication. Our experimental results show the transaction time of the proposed system is about 14 times faster than that of the existing face template protection system based on homomorphic encryption presented in BIOSIG2020.

As multi-robot systems (MRS) are widely used in various tasks such as natural disaster response and social security, people enthusiastically expect an MRS to be ubiquitous that a general user without heavy training can easily operate. However, humans have various preferences on balancing between task performance and safety, imposing different requirements onto MRS control. Failing to comply with preferences makes people feel difficult in operation and decreases human willingness of using an MRS. Therefore, to improve social acceptance as well as performance, there is an urgent need to adjust MRS behaviors according to human preferences before triggering human corrections, which increases cognitive load. In this paper, a novel Meta Preference Learning (MPL) method was developed to enable an MRS to fast adapt to user preferences. MPL based on meta learning mechanism can quickly assess human preferences from limited instructions; then, a neural network based preference model adjusts MRS behaviors for preference adaption. To validate method effectiveness, a task scenario "An MRS searches victims in an earthquake disaster site" was designed; 20 human users were involved to identify preferences as "aggressive", "medium", "reserved"; based on user guidance and domain knowledge, about 20,000 preferences were simulated to cover different operations related to "task quality", "task progress", "robot safety". The effectiveness of MPL in preference adaption was validated by the reduced duration and frequency of human interventions.

Nowadays, the increasing complexity of digital applications for social and business activities has required more and more advanced mechanisms to prove the identity of subjects like those based on the Two-Factor Authentication (2FA). Such an approach improves the typical authentication paradigm but it has still some weaknesses. Specifically, it has to deal with the disadvantages of a centralized architecture causing several security threats like denial of service (DoS) and man-in-the-middle (MITM). In fact, an attacker who succeeds in violating the central authentication server could be able to impersonate an authorized user or block the whole service. This work advances the state of art of 2FA solutions by proposing a decentralized Microservices and Blockchain Based One Time Password (MBB-OTP) protocol for security-enhanced authentication able to mitigate the aforementioned threats and to fit different application scenarios. Experiments prove the goodness of our MBB-OTP protocol considering both private and public Blockchain configurations.

Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based authentication, and is already used by major online services. Also, users consider RBA to be more usable than two-factor authentication and just as secure. However, users currently obtain RBA’s high security and usability benefits at the cost of exposing potentially sensitive personal data (e.g., IP address or browser information). This conflicts with user privacy and requires to consider user rights regarding the processing of personal data. We outline potential privacy challenges regarding different attacker models and propose improvements to balance privacy in RBA systems. To estimate the properties of the privacy-preserving RBA enhancements in practical environments, we evaluated a subset of them with long-term data from 780 users of a real-world online service. Our results show the potential to increase privacy in RBA solutions. However, it is limited to certain parameters that should guide RBA design to protect privacy. We outline research directions that need to be considered to achieve a widespread adoption of privacy preserving RBA with high user acceptance.

Reward functions are critical hyperparameters with commercial values for individual or distributed reinforcement learning (RL), as slightly different reward functions result in significantly different performance. However, existing inverse reinforcement learning (IRL) methods can be utilized to approximate reward functions just based on collected expert trajectories through observing. Thus, in the real RL process, how to generate a polluted trajectory and perform an adversarial attack on IRL for protecting reward functions has become the key issue. Meanwhile, considering the actual RL cost, generated adversarial trajectories should be minimal and non-catastrophic for ensuring normal RL performance. In this work, we propose a novel approach to craft adversarial trajectories disguised as expert ones, for decreasing the IRL performance and realize the anti-IRL ability. Firstly, we design a reward clustering-based metric to integrate both advantages of fine- and coarse-grained IRL assessment, including expected value difference (EVD) and mean reward loss (MRL). Further, based on such metric, we explore an adversarial attack based on agglomerative nesting algorithm (AGNES) clustering and determine targeted states as starting states for reward perturbation. Then we employ the intrinsic fear model to predict the probability of imminent catastrophe, supporting to generate non-catastrophic adversarial trajectories. Extensive experiments of 7 state-of-the-art IRL algorithms are implemented on the Object World benchmark, demonstrating the capability of our proposed approach in (a) decreasing the IRL performance and (b) having minimal and non-catastrophic adversarial trajectories.

Surveillance systems involve a camera module (at a fixed location) connected/streaming video via Internet Protocol to a (video) server. In our IMPRINT consortium project, by mounting miniaturised camera module/s on mobile quadruped-lizard like robots, we developed a stealth surveillance system, which could be very useful as a monitoring system in hostage situations. In this paper, we report about the communication system that enables secure transmission of: Live-video from robots to a server, GPS-coordinates of robots to the server and Navigation-commands from server to robots. Since the end application is for stealth surveillance, often can involve sensitive data, data security is a crucial concern, especially when data is transmitted through the internet. We use the RC4 algorithm for video transmission; while the AES algorithm is used for GPS data and other commands’ data transmission. Advantages of the developed system is easy to use for its web interface which is provided on the control station. This communication system, because of its internet-based communication, it is compatible with any operating system environment. The lightweight program runs on the control station (on the server side) and robot body that leads to less memory consumption and faster processing. An important requirement in such hostage surveillance systems is fast data processing and data-transmission rate. We have implemented this communication systems with a single-board computer having GPU that performs better in terms of speed of transmission and processing of data.

Zero Trust security model permits to secure cloud native applications while encrypting all network communication, authenticating, and authorizing every request. The service mesh can enable Zero Trust using a side-car proxy without changes to the application code. To the best of our knowledge, no previous work has provided a performance analysis of Zero Trust in a multi-cloud environment. This paper proposes a multi-cloud framework and a testing workflow to analyse performance of the data plane under load and the impact on the control plane, when Zero Trust is enabled. The results of preliminary tests show that Istio has reduced latency variability in responding to sequential HTTP requests. Results also reveal that the overall CPU and memory usage can increase based on service mesh configuration and the cloud environment.

The notion of Zero Trust Architecture (ZTA) has been introduced as a fine-grained defense approach. It assumes that no entities outside and inside the protected system can be trusted and therefore requires articulated and high-coverage deployment of security controls. However, ZTA is a complex notion which does not have a single design solution; rather it consists of numerous interconnected concepts and processes that need to be assessed prior to deciding on a solution. In this paper, we outline a ZTA design methodology based on cyber risks and the identification of known high security risks. We then discuss challenges related to the design and deployment of ZTA and related solutions. We also discuss the role that service technology can play in ZTA.

Enabled by the industrial Internet, intelligent transportation has made remarkable achievements such as autonomous vehicles by carnegie mellon university (CMU) Navlab, Google Cars, Tesla, etc. Autonomous vehicles benefit, in various aspects, from the cooperation of the industrial Internet and cyber-physical systems. In this process, users in autonomous vehicles submit query contents, such as service interests or user locations, to service providers. However, privacy concerns arise since the query contents are exposed when the users are enjoying the services queried. Existing works on privacy preservation of query contents rely on location perturbation or k-anonymity, and they suffer from insufficient protection of privacy or low query utility incurred by processing multiple queries for a single query content. To achieve sufficient privacy preservation and satisfactory query utility for autonomous vehicles querying services in cyber-physical systems, this article proposes a novel privacy notion of client-based personalized k-anonymity (CPkA). To measure the performance of CPkA, we present a privacy metric and a utility metric, based on which, we formulate two problems to achieve the optimal CPkA in term of privacy and utility. An approach, including two modules, to establish mechanisms which achieve the optimal CPkA is presented. The first module is to build in-group mechanisms for achieving the optimal privacy within each content group. The second module includes linear programming-based methods to compute the optimal grouping strategies. The in-group mechanisms and the grouping strategies are combined to establish optimal CPkA mechanisms, which achieve the optimal privacy or the optimal utility. We employ real-life datasets and synthetic prior distributions to evaluate the CPkA mechanisms established by our approach. The evaluation results illustrate the effectiveness and efficiency of the established mechanisms.

Files in the backup of iOS devices can be a potential source of evidentiary data. Particularly, the iOS backup (obtained through a logical acquisition technique) is widely used by many forensic tools to sift through the data. A significant challenge faced by several forensic tool developers is the changes in the data organization of the iOS backup. This is due to the fact that the iOS operating system is frequently updated by Apple Inc. Many iOS application developers release periodical updates to iOS mobile applications. Both these reasons can cause significant changes in the way user data gets stored in the iOS backup files. Moreover, approximately once every couple years, there could be a major iOS release which can cause the reorganization of files and folders in the iOS backup. Directories in the iOS backup contain SQLite databases, plist files, XML files, text files, and media files. Android/iOS devices generally use SQLite databases since it is a lightweight database. Our focus in this paper is to analyze the SQLite schema evolution specific to iOS and assist forensic tool developers in keeping their tools compatible with the latest iOS version. Our recommendations for updating the forensic data extraction tools is based on the observation of schema changes found in successive iOS versions.

The fast improvement in telecommunication technologies that has characterised the last decade is enabling a revolution centred on Cyber-Physical Systems (CPSs). Elements inside cities, from vehicles to cars, can now be connected and share data, describing both our environment and our behaviours. These data can also be used in an active way, by becoming the tenet of innovative services and products, i.e. of Cyber-Physical Products (CPPs). Still, having data is not tantamount to having knowledge, and an important overlooked topic is how should them be analysed. In this contribution we tackle the issue of the development of an analytics toolbox for processing CPS data. Specifically, we review and quantify the main requirements that should be fulfilled, both functional (e.g. flexibility or dependability) and technical (e.g. scalability, response time, etc.). We further propose an initial set of analysis that should in it be included. We finally review some challenges and open issues, including how security and privacy could be tackled by emerging new technologies.

The linear regression is a machine learning algorithm used for prediction. But if the input data is in plaintext form then there is a high probability that the sensitive information will get leaked. To overcome this, here we are proposing a method where the input data is encrypted using Homomorphic encryption. The machine learning algorithm can be used on this encrypted data for prediction while maintaining the privacy and secrecy of the sensitive data. The output from this model will be an encrypted result. This encrypted result will be decrypted using a Homomorphic decryption technique to get the plain text. To determine the accuracy of our result, we will compare it with the result obtained after applying the linear regression algorithm on the plain text.

Authentication and access control techniques are fundamental security elements to restrict access to critical resources in IoT environment. In the current state-of-the-art approaches in the literature, the architectures do not address the security features of authentication and access control together. Besides, they don't completely fulfill the key Internet-of-Things (IoT) features such as usability, scalability, interoperability and security. In this paper, we introduce a novel blockchain-based architecture for authentication and capability-based access control for IoT environment. A capability is a token which contains the access rights authorized to the device holding it. The architecture uses blockchain technology to carry out all the operations in the scheme. It does not embed blockchain technology into the resource-constrained IoT devices for the purpose of authentication and access control of the devices. However, the IoT devices and blockchain are connected by means of interfaces through which the essential communications are established. The authenticity of such interfaces are verified before any communication is made. Consequently, the architecture satisfies usability, scalability, interoperability and security features. We carried out security evaluation for the scheme. It exhibits strong resistance to threats like spoofing, tampering, repudiation, information disclosure, and Denial-of-Service (DoS). We also developed a proof of concept implementation where cost and storage overhead of blockchain transactions are studied.

This paper describes a method for classifying onion sites. According to the results of the research, the most spread model of site in onion space is built. To create such a model, a specially trained neural network is used. The classification of neural network is based on five different categories such as using authentication system, corporate email, readable URL, feedback and type of onion-site. The statistics of the most spread types of websites in Dark Net are given.

Fast Growth of (ICT) Information and Communication Technology results to Innovation of Cloud Computing and is considered as a key driver for technological innovations, as an IT innovations, cloud computing had added a new dimension to that importance by increasing usage to technology that motivates economic development at the national and global levels. Continues need of higher storage space (applications, files, videos, music and others) are some of the reasons for adoption and implementation, Users and Enterprises are gradually changing the way and manner in which Data and Information are been stored. Storing/Retrieving Data and Information traditionally using Standalone Computers are no longer sustainable due to high cost of Peripheral Devices, This further recommends organizational innovative adoption with regards to approaches on how to effectively reduced cost in businesses. Cloud Computing provides a lot of prospects to users/organizations; it also exposes security concerns which leads to low adoption, implementation and usage. Therefore, the study will examine standard ways of improving cloud computing adoption, implementation and usage by proposing and developing a security model using a design methodology that will ensure a secured Cloud Computing and also identify areas where future regularization could be operational.

Fueled by the emergence of IoT-enabled medical sensors and big data analytics, nations all over the world are widely adopting digitalization of healthcare systems. This is certainly a positive trend for improving the entire spectrum of quality of care, but this convenience is also posing a huge challenge on the security of healthcare data. For ensuring privacy and protection of healthcare data, access control is regarded as one of the first-line-of-defense mechanisms. As none of the traditional enterprise access control models can completely cater to the need of the healthcare domain which includes a myriad of contexts, in this paper, we present a context-policy-based access control scheme. Our scheme relies on the eTRON cybersecurity architecture for tamper-resistance and cryptographic functions, and leverages a context-specific blend of classical discretionary and role-based access models for incorporation into legacy systems. Moreover, our scheme adheres to key recommendations of prominent statutory and technical guidelines including HIPAA and HL7. The protocols involved in the proposed access control system have been delineated, and a proof-of-concept implementation has been carried out - along with a comparison with other systems, which clearly suggests that our approach is more responsive to different contexts for protecting healthcare data.

The evolution of power system as a smart grid (SG) not only has enhanced the monitoring and control capabilities of the power grid, but also raised its security concerns and vulnerabilities. With a boom in Internet of Things (IoT), a lot a sensors are being deployed across the grid. This has resulted in huge amount of data available for processing and analysis. Machine learning (ML) and deep learning (DL) algorithms are being widely used to extract useful information from this data. In this context, this paper presents a comprehensive literature survey of different ML and DL techniques that have been used in the smart grid cyber security area. The survey summarizes different type of cyber threats which today's SGs are prone to, followed by various ML and DL-assisted defense strategies. The effectiveness of the ML based methods in enhancing the cyber security of SGs is also demonstrated with the help of a case study.

This paper presents a hardware-in-the-loop cyber-physical system architecture design to monitor and control smart lights connected to the active distribution grid. The architecture uses Zigbee-based (IEEE 802.15.4) wireless sensor networks and publish-subscribe architecture to exchange monitoring and control signals between smart-light actuators (SLAs) and a smart-light central controller (SLCC). Each SLA integrated into a smart light consists of a Zigbee-based endpoint module to send and receive signals to and from the SLCC. The SLCC consists of a Zigbee-based coordinator module, which further exchanges the monitoring and control signals with the active distribution management system over the TCP/IP communication network. The monitoring signals from the SLAs include light status, brightness level, voltage, current, and power data, whereas, the control signals to the SLAs include light intensity, turn ON, turn OFF, standby, and default settings. We have used our existing hardware-in-the-loop (HIL) cyber-physical system (CPS) security SCADA testbed to process signals received from the SLCC and respond suitable control signals based on the smart light schedule requirements, system operation, and active distribution grid dynamic characteristics. We have integrated the proposed cyber-physical smart light control system (CPSLCS) testbed to our existing HIL CPS SCADA testbed. We use the integrated testbed to demonstrate the efficacy of the proposed algorithm by real-time performance and latency between the SLCC and SLAs. The experiments demonstrated significant results by 100% realtime performance and low latency while exchanging data between the SLCC and SLAs.

In this paper, our objective is to focus on the recent trend of military fields where they brought Internet of Things (IoT) to have better impact on the battlefield by improving the effectiveness and this is called Internet of Battlefield Things(IoBT). Due to the requirements of high computing capability and minimum response time with minimum fault tolerance this paper proposed a decentralized IoBT architecture. The proposed method can increase the reliability in the battlefield environment by searching the reliable nodes among all the edge nodes in the environment, and by adding the fault tolerance in the edge nodes will increase the effectiveness of overall battlefield scenario. This suggested fault tolerance approach is worth for decentralized mode to handle the issue of latency requirements and maintaining the task reliability of the battlefield. Our experimental results ensure the effectiveness of the proposed approach as well as enjoy the requirements of latency-aware military field while ensuring the overall reliability of the network.