Biblio

Information Technology (IT) governance crosses the organization practices, culture, and policy that support IT management in controlling five key functions, which are strategic alignment, performance management, resource management, value delivery, and risk management. The line of sight is extended from the corporate strategy to the risk management, and risk controls are assessed against operational goals. Thus, the risk management model is concerned with ensuring that the corporate risks are sufficiently controlled and managed. Many organizations rely on IT services to facilitate and sustain their operations, which mandate the existence of a risk management model in their IT governance. This paper examines prior research based on IT governance by using a risk management framework. It also proposes a new method for calculating and classifying IT-related risks. Additionally, we assessed our technique with one of the critical IT services that proves the reliability and accuracy of the implemented model.

Counterfeit drugs are an immense threat for the pharmaceutical industry worldwide due to limitations of supply chain. Our proposed solution can overcome many challenges as it will trace and track the drugs while in transit, give transparency along with robust security and will ensure legitimacy across the supply chain. It provides a reliable certification process as well. Fabric architecture is permissioned and private. Hyperledger is a preferred framework over Ethereum because it makes use of features like modular design, high efficiency, quality code and open-source which makes it more suitable for B2B applications with no requirement of cryptocurrency in Hyperledger Fabric. QR generation and scanning are provided as a functionality in the application instead of bar code for its easy accessibility to make it more secure and reliable. The objective of our solution is to provide substantial solutions to the supply chain stakeholders in record maintenance, drug transit monitoring and vendor side verification.

Food supply chain is a complex but necessary food production arrangement needed by the global community to maintain sustainability and food security. For the past few years, entities being a part of the food processing system have usually taken food supply chain for granted, they forget that just one disturbance in the chain can lead to poisoning, scarcity, or increased prices. This continually affects the vulnerable among society, including impoverished individuals and small restaurants/grocers. The food supply chain has been expanded across the globe involving many more entities, making the supply chain longer and more problematic making the traditional logistics pattern unable to match the expectations of customers. Food supply chains involve many challenges like lack of traceability and communication, supply of fraudulent food products and failure in monitoring warehouses. Therefore there is a need for a system that ensures authentic information about the product, a reliable trading mechanism. In this paper, we have proposed a comprehensive solution to make the supply chain consumer centric by using Blockchain. Blockchain technology in the food industry applies in a mindful and holistic manner to verify and certify the quality of food products by presenting authentic information about the products from the initial stages. The problem formulation, simulation and performance analysis are also discussed in this research work.

The paper presents the concept of the association of digital signature technology with the currently trending blockchain technology for providing a mechanism which would detect any dubious data and store it in a place where it could be secure for the long term. The features of blockchain technology perfectly complement the requirements of the educational fields of today's world. The growing trend of digital certificate usage makes it easier for a dubious certificate to existing, among the others hampering the integrity of professional life. Association of hash key and a time stamp with a digital document would ensure that a third person does not corrupt the following certificate. The blockchain ensures that after verification, nobody else misuses the data uploaded and keeps it safe for a long time. The information from the blockchain can be retrieved at any moment by the user using the unique id associated with every user.

Traditional power consumption management systems are not showing enough reliability and thus, smart grid technology has been introduced to reduce the excess power wastages. In the context of smart grid systems, network communication is another term that is used for developing the network between the users and the load profiles. Cloud computing and clustering are also executed for efficient power management. Based on the facts, this research is going to identify wireless network communication systems to monitor and control smart grid power consumption. Primary survey-based research has been carried out with 62 individuals who worked in the smart grid system, tracked, monitored and controlled the power consumptions using WSN technology. The survey was conducted online where the respondents provided their opinions via a google survey form. The responses were collected and analyzed on Microsoft Excel. Results show that hybrid commuting of cloud and edge computing technology is more advantageous than individual computing. Respondents agreed that deep learning techniques will be more beneficial to analyze load profiles than machine learning techniques. Lastly, the study has explained the advantages and challenges of using smart grid network communication systems. Apart from the findings from primary research, secondary journal articles were also observed to emphasize the research findings.

In this decade, digital transactions have risen exponentially demanding more reliable and secure authentication systems. CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) system plays a major role in these systems. These CAPTCHAs are available in character sequence, picture-based, and audio-based formats. It is very essential that these CAPTCHAs should be able to differentiate a computer program from a human precisely. This work tests the strength of text-based CAPTCHAs by breaking them using an algorithm built on CNN (Convolution Neural Network) and RNN (Recurrent Neural Network). The algorithm is designed in such a way as an attempt to break the security features designers have included in the CAPTCHAs to make them hard to be cracked by machines. This algorithm is tested against the synthetic dataset generated in accordance with the schemes used in popular websites. The experiment results exhibit that the model has shown a considerable performance against both the synthetic and real-world CAPTCHAs.

This is the time of internet, and we are communicating our confidential data over internet in daily life. So, it is necessary to check the authenticity in communication to stop non-repudiation, of the sender. We are using the digital signature for stopping the non-repudiation. There are many versions of digital signature are available in the market. But in every algorithm, we are sending the original message and the digest message to the receiver. Hence, there is no security applied on the original message. In this paper we are proposed an algorithm which can secure the original and its integrity. In this paper we are using the RSA algorithm as the encryption and decryption algorithm, and SHA256 algorithm for making the hash.

In the information era, knowledge is becoming increasingly significant for all industries, especially criminal investigation that deeply relies on intelligence and strategies. Therefore, there is an urgent need for effective management and utilization of criminal investigation knowledge. As an important branch of knowledge engineering, the expert system can simulate the thinking pattern of an expert, proposing strategies and solutions based on the knowledge stored in the knowledge base. A crucial step in building the expert system is to construct the knowledge base, which determines the function and capability of the expert system. This paper establishes a practical knowledge base for criminal investigation, combining the technologies of cloud computing with traditional method of manual entry to acquire and process knowledge. The knowledge base covers data information and expert knowledge with detailed classification of rules and cases, providing answers through comparison and reasoning. The knowledge becomes more accurate and reliable after repeated inspection and verification by human experts.

The success of human-robot interaction is strongly affected by the people’s ability to infer others’ intentions and behaviours, and the level of people’s trust that others will abide by their same principles and social conventions to achieve a common goal. The ability of understanding and reasoning about other agents’ mental states is known as Theory of Mind (ToM). ToM and trust, therefore, are key factors in the positive outcome of human-robot interaction. We believe that a robot endowed with a ToM is able to gain people’s trust, even when this may occasionally make errors.In this work, we present a user study in the field in which participants (N=123) interacted with a robot that may or may not have a ToM, and may or may not exhibit erroneous behaviour. Our findings indicate that a robot with ToM is perceived as more reliable, and they trusted it more than a robot without a ToM even when the robot made errors. Finally, ToM results to be a key driver for tuning people’s trust in the robot even when the initial condition of the interaction changed (i.e., loss and regain of trust in a longer relationship).

The expanding streaming culture of large amounts of data, as well as the requirement for faster and more reliable data transport systems, necessitates the development of innovative communication technologies such as Visible Light Communication (VLC). Nonetheless, incorporating VLC into next-generation networks is challenging due to technological restrictions such as air absorption, shadowing, and beam dispersion. One technique for addressing some of the challenges is to use the multiple input multiple output (MIMO) technique, which involves the simultaneous transmission of data from several sources, hence increasing data rate. In this work, the data transmission performance of the MIMO-VLC system is evaluated using a variety of factors such as distance from the source, data bit rate, and modulation method.

Internet of Vehicles consists of a three-layer architecture of electric vehicles, charging piles, and a grid dispatch management control center. Therefore, V2G presents multi-level, multi-agent and frequent information interaction, which requires a highly secure and lightweight identity authentication method. Based on the characteristics of Internet of Vehicles, this paper designs a multi-subject information interaction and one-way hash chain authentication method, it includes one-way hash chain and key distribution update strategy. The operation experiment of multiple electric vehicles and charging piles shows that the algorithm proposed in this paper can meet the V2G ID authentication requirements of Internet of Vehicles, and has the advantages of lightweight and low consumption. It is of great significance to improve the security protection level of Internet of Vehicles V2G.

Social Internet of Vehicle (SIoV) has emerged as one of the most promising applications for vehicle communication, which provides safe and comfortable driving experience. It reduces traffic jams and accidents, thereby saving public resources. However, the wrongly communicated messages would cause serious issues, including life threats. So it is essential to ensure the reliability of the message before acting on considering that. Existing works use cryptographic primitives like threshold authentication and ring signatures, which incurs huge computation and communication overheads, and the ring signature size grew linearly with the threshold value. Our objective is to keep the signature size constant regardless of the threshold value. This work proposes MuSigRDT, a multisignature contract based data transmission protocol using Schnorr digital signature. MuSigRDT provides incentives, to encourage the vehicles to share correct information in real-time and participate honestly in SIoV. MuSigRDT is shown to be secure under Universal Composability (UC) framework. The MuSigRDT contract is deployed on Ethereum's Rinkeby testnet.

In the near future, the high data rate challenge would not be possible by using the radio frequency (RF) only. As the user will increase, the network traffic will increase proportionally. Visible light communication (VLC) is a good solution to support huge number of indoor users. VLC has high data rate over RF communication. The way internet users are increasing, we have to think over VLC technology. Not only the data rate is a concern but also its security, cost, and reliability have to be considered for a good communication network. Quantum technology makes a great impact on communication and computing in both areas. Quantum communication technology has the ability to support better channel capacity, higher security, and lower latency. This paper combines the quantum technology over the existing VLC and compares the performance between quantum visible light communication performance (QVLC) over the existing VLC system. Research findings clearly show that the performance of QVLC is better than the existing VLC system.

Traditional risk assessment process based on knowledge of threat occurrence probability against every system’s asset. One should consider asset placement, applied security measures on asset and network levels, adversary capabilities and so on: all of that has significant influence on probability value. We can measure threat probability by modelling complex attack process. Such process requires creating an attack tree, which consist of elementary attacks against different assets and relations between elementary attacks and impact on influenced assets. However, different attack path may lead to targeted impact – so task of finding optimal attack chain on a given system topology emerges. In this paper method for complex attack graph creation presented, allowing automatic building various attack scenarios for a given system. Assuming that exploits of particular vulnerabilities represent by independent events, we can compute the overall success probability of a complex attack as the product of the success probabilities of exploiting individual vulnerabilities. This assumption makes it possible to use algorithms for finding the shortest paths on a directed graph to find the optimal chain of attacks for a given adversary’s target.

Vehicle Ad-Hoc Networks (VANETs) are a special type of Mobile Ad-Hoc Network (MANETs). In VANETs, a group of vehicles communicates with each other to transfer data without a need for a fixed infrastructure. In this paper, we compare the performance of two routing protocols: Ad-hoc on Demand Distance Vector protocol (AODV) and Destination-Sequenced Distance Vector protocol (DSDV) in VANETs. We measure the reliability of each protocol in the packet delivery.

Modern day cyber-infrastructures are critically dependent on each other to provide essential services. Current frameworks typically focus on the risk analysis of an isolated infrastructure. Evaluation of potential disruptions taking the heterogeneous cyber-infrastructures is vital to note the cascading disruption vectors and determine the appropriate interventions to limit the damaging impact. This paper presents a cyber-security risk assessment framework for the interconnected cyber-infrastructures. Our methodology is designed to be comprehensive in terms of accommodating accidental incidents and malicious cyber threats. Technically, we model the functional dependencies between the different architectures using reliability block diagrams (RBDs). RBDs are convenient, yet powerful graphical diagrams, which succinctly describe the functional dependence between the system components. The analysis begins by selecting a service from the many services that are outputted by the synchronized operation of the architectures whose disruption is deemed critical. For this service, we design an attack fault tree (AFT). AFT is a recent graphical formalism that combines the two popular formalisms of attack trees and fault trees. We quantify the attack-fault tree and compute the risk metrics - the probability of a disruption and the damaging impact. For this purpose, we utilize the open source ADTool. We show the efficacy of our framework with an example outage incident.

Markov models of reliability of fault-tolerant computer systems are proposed, taking into account two stages of recovery of redundant memory devices. At the first stage, the physical recovery of memory devices is implemented, and at the second, the informational one consists in entering the data necessary to perform the required functions. Memory redundancy is carried out to increase the stability of the system to the loss of unique data generated during the operation of the system. Data replication is implemented in all functional memory devices. Information recovery is carried out using replicas of data stored in working memory devices. The model takes into account the criticality of the system to the timeliness of calculations in real time and to the impossibility of restoring information after multiple memory failures, leading to the loss of all stored replicas of unique data. The system readiness coefficient and the probability of its transition to a non-recoverable state are determined. The readiness of the system for the timely execution of requests is evaluated, taking into account the influence of the shares of the distribution of the performance of the computer allocated for the maintenance of requests and for the entry of information into memory after its physical recovery.

Driven by the progress of data and compute-intensive methods in various scientific domains, there is an in-creasing demand from researchers working with highly sensitive data to have access to the necessary computational resources to be able to adapt those methods in their respective fields. To satisfy the computing needs of those researchers cost-effectively, it is an open quest to integrate reliable security measures on existing High Performance Computing (HPC) clusters. The fundamental problem with securely working with sensitive data is, that HPC systems are shared systems that are typically trimmed for the highest performance - not for high security. For instance, there are commonly no additional virtualization techniques employed, thus, users typically have access to the host operating system. Since new vulnerabilities are being continuously discovered, solely relying on the traditional Unix permissions is not secure enough. In this paper, we discuss a generic and secure workflow that can be implemented on typical HPC systems allowing users to transfer, store and analyze sensitive data. In our experiments, we see an advantage in the asynchronous execution of IO requests, while reaching 80 % of the ideal performance.

Nowadays big shopping marts are expanding their business all over the world but not all marts are fully protected with the advanced security system. Very often we come across cases where people take the things out of the mart without billing. These marts require some advanced features-based security system for them so that they can run an efficient and no-loss business. The idea we are giving here can not only be implemented in marts to enhance their security but can also be used in various other fields to cope up with the incompetent management system. Several issues of the stores like regular stock updating, placing orders for new products, replacing products that have expired can be solved with the idea we present here. We also plan on making the slow processes of billing and checking out of the mart faster and more efficient that would result in customer satisfaction.

The strategy of permanently allocating a frequency band in a wireless communication network to one application has led to exceptionally low utilization of the vacant spectrum. By utilizing the unused licensed spectrum along with the unlicensed spectrum, Cognitive Radio Sensor Network (CRSNs) ensures the efficiency of spectrum management. To utilize the spectrum dynamically it is important to safeguard the spectrum sensing. Cooperative Spectrum Sensing (CSS) is recommended for this task. CSS aims to provide reliable spectrum sensing. However, there are various vulnerabilities experienced in CSS which can influence the performance of the network. In this work, the focus is on the Byzantine attack in CSS and current security solutions available to avoid the Byzantines in CRSN.

Cognitive Radio Network makes intelligent use of the spectrum resources. However, spectrum sensing is vulnerable to numerous harmful assaults. To lower the network's performance, hackers attempt to alter the sensed result. In the fusion centre, blockchain technology is used to make broad judgments on spectrum sensing in order to detect and thwart hostile activities. The sensed local results are hashed using the SHA 3 technique. This improves spectrum sensing precision and effectively thwarts harmful attacks. In comparison to other established techniques like equal gain combining, the simulation results demonstrate higher detection probability and sensing precision. Thus, employing Blockchain technology, cognitive radio network security can be significantly enhanced.

Smart grid (SG) is considered the next generation of the traditional power grid. It is mainly divided into three main infrastructures: power system, information and communication infrastructures. Cybersecurity is imperative for information infrastructure and the secure, reliable, and efficient operation of the smart grid. Cybersecurity or a lack of proper implementation thereof poses a considerable challenge to the deployment of SG. Therefore, in this paper, A comprehensive survey of cyber security is presented in the smart grid context. Cybersecurity-related information infrastructure is clarified. The impact of adopting cybersecurity on control and management systems has been discussed. Also, the paper highlights the cybersecurity issues and challenges associated with the control decisions in the smart grid.

The SCADA (Supervisory Control And Data Acquisition) has become ubiquitous in industrial control systems. However, it may be exposed to cyber attack threats when it accesses the Internet. We propose a three-layer IDS (Intrusion Detection System) model, which integrates three main functions: access control, flow detection and password authentication. We use the reliability test system IEEE RTS-79 to evaluate the reliability. The experimental results provide insights into the establishment of the power SCADA system reliability enhancement strategies.

Accurate and synchronized timing information is required by power system operators for controlling the grid infrastructure (relays, Phasor Measurement Units (PMUs), etc.) and determining asset positions. Satellite-based global positioning system (GPS) is the primary source of timing information. However, GPS disruptions today (both intentional and unintentional) can significantly compromise the reliability and security of our electric grids. A robust alternate source for accurate timing is critical to serve both as a deterrent against malicious attacks and as a redundant system in enhancing the resilience against extreme events that could disrupt the GPS network. To achieve this, we rely on the highly accurate, terrestrial atomic clock-based network for alternative timing and synchronization. In this paper, we discuss an experimental setup for an alternative timing approach. The data obtained from this experimental setup is continuously monitored and analyzed using various time deviation metrics. We also use these metrics to compute deviations of our clock with respect to the National Institute of Standards and Technologys (NIST) GPS data. The results obtained from these metric computations are elaborately discussed. Finally, we discuss the integration of the procedures involved, like real-time data ingestion, metric computation, and result visualization, in a novel microservices-based architecture for situational awareness.

A reliable database of Indicators of Compromise (IoC’s) is a cornerstone of almost every malware detection system. Building the database and keeping it up-to-date is a lengthy and often manual process where each IoC should be manually reviewed and labeled by an analyst. In this paper, we focus on an automatic way of identifying IoC’s intended to save analysts’ time and scale to the volume of network data. We leverage relations of each IoC to other entities on the internet to build a heterogeneous graph. We formulate a classification task on this graph and apply graph neural networks (GNNs) in order to identify malicious domains. Our experiments show that the presented approach provides promising results on the task of identifying high-risk malware as well as legitimate domains classification.