Biblio

In recent years, body-worn RFID and NFC (near field communication) devices have become one of the principal technologies concurring to the rise of healthcare internet of thing (H-IoT) systems. Similarly, points of care (PoCs) moved increasingly closer to patients to reduce the costs while supporting precision medicine and improving chronic illness management, thanks to timely and frequent feedback from the patients themselves. A typical PoC involves medical sensing devices capable of sampling human health, personal equipment with communications and computing capabilities (smartphone or tablet) and a secure software environment for data transmission to medical centers. Hybrid platforms simultaneously employing NFC and ultra-high frequency (UHF) RFID could be successfully developed for the first sensing layer. An application example of the proposed hybrid system for the monitoring of acute myocardial infarction (AMI) survivors details how the combined use of NFC and UHF-RFID in the same PoC can support the multifaceted need of AMI survivors while protecting the sensitive data on the patient’s health.

This paper discusses the outcome of combining insider threat agent taxonomies with the aim of enhancing insider threat detection. The objectives sought to explore taxonomy combinations and investigate threat sophistication from the taxonomy combinations. Investigations revealed the plausibility of combining the various taxonomy categories to derive a new taxonomy. An observation on category combinations yielded the introduction of the concept of a threat path. The proposed taxonomy tree consisted of more than a million threat-paths obtained using a formula from combinatorics analysis. The taxonomy category combinations thus increase the insider threat landscape and hence the gap between insider threat agent sophistication and countermeasures. On the defensive side, knowledge of insider threat agent taxonomy category combinations has the potential to enhance defensive countermeasure tactics, techniques and procedures, thus increasing the chances of insider threat detection.

Key management for self-organized wireless ad-hoc networks using peer-to-peer (P2P) keys is the primary goal of this article (SOWANs). Currently, wireless networks have centralized security architectures, making them difficult to secure. In most cases, ad-hoc wireless networks are not connected to trusted authorities or central servers. They are more prone to fragmentation and disintegration as a result of node and link failures. Traditional security solutions that rely on online trusted authorities do not work together to protect networks that are not planned. With open wireless networks, anyone can join or leave at any time with the right equipment, and no third party is required to verify their identity. These networks are best suited for this proposed method. Each node can make, distribute, and revoke its keying material in this paper. A minimal amount of communication and computation is required to accomplish this task. So that they can authenticate one another and create shared keys, nodes in the self-organized version of the system must communicate via a secure side channel between the users' devices.

DDoS attacks produce a lot of traffic on the network. DDoS attacks may be fought in a novel method thanks to the rise of Software Defined Networking (SDN). DDoS detection and data gathering may lead to larger system load utilization among SDN as well as systems, much expense of SDN, slow reaction period to DDoS if they are conducted at regular intervals. Using the Identification Retrieval algorithm, we offer a new DDoS detection framework for detecting resource scarcity type DDoS attacks. In designed to check low-density DDoS attacks, we employ a combination of network traffic characteristics. The KSVD technique is used to generate a dictionary of network traffic parameters. In addition to providing legitimate and attack traffic models for dictionary construction, the suggested technique may be used to network traffic as well. Matching Pursuit and Wavelet-based DDoS detection algorithms are also implemented and compared using two separate data sets. Despite the difficulties in identifying LR-DoS attacks, the results of the study show that our technique has a detection accuracy of 89%. DDoS attacks are explained for each type of DDoS, and how SDN weaknesses may be exploited. We conclude that machine learning-based DDoS detection mechanisms and cutoff point DDoS detection techniques are the two most prevalent methods used to identify DDoS attacks in SDN. More significantly, the generational process, benefits, and limitations of each DDoS detection system are explained. This is the case in our testing environment, where the intrusion detection system (IDS) is able to block all previously identified threats

Recent works have empirically shown that neural network interpretability is susceptible to malicious manipulations. However, existing attacks against Interpretable Deep Learning Systems (IDLSes) all focus on the white-box setting, which is obviously unpractical in real-world scenarios. In this paper, we make the first attempt to attack IDLSes in the decision-based black-box setting. We propose a new framework called Dual Black-box Adversarial Attack (DBAA) which can generate adversarial examples that are misclassified as the target class, yet have very similar interpretations to their benign cases. We conduct comprehensive experiments on different combinations of classifiers and interpreters to illustrate the effectiveness of DBAA. Empirical results show that in all the cases, DBAA achieves high attack success rates and Intersection over Union (IoU) scores.

Differential privacy is a widely-used metric, which provides rigorous privacy definitions and strong privacy guarantees. Much of the existing studies on differential privacy are based on datasets where the tuples are independent, and thus are not suitable for correlated data protection. In this paper, we focus on correlated differential privacy, by taking the data correlations and the prior knowledge of the initial data into account. The data correlations are modeled by Bayesian conditional probabilities, and the prior knowledge refers to the exact values of the data. We propose general correlated differential privacy conditions for the discrete and continuous random noise-adding mechanisms, respectively. In case that the conditions are inaccurate due to the insufficient prior knowledge, we introduce the tuple dependence based on rough set theory to improve the correlated differential privacy conditions. The obtained theoretical results reveal the relationship between the correlations and the privacy parameters. Moreover, the improved privacy condition helps strengthen the mechanism utility. Finally, evaluations are conducted over a micro-grid system to verify the privacy protection levels and utility guaranteed by correlated differential private mechanisms.

In Production System Engineering (PSE), domain experts aim at effectively and efficiently analyzing and mitigating information security risks to product and process qualities for manufacturing. However, traditional security standards do not connect security analysis to the value stream of the production system nor to production quality requirements. This paper aims at facilitating security analysis for production quality already in the design phase of PSE. In this paper, we (i) identify the connection between security and production quality, and (ii) introduce the Production Security Network (PSN) to efficiently derive reusable security requirements and design patterns for PSE. We evaluate the PSN with threat scenarios in a feasibility study. The study results indicate that the PSN satisfies the requirements for systematic security analysis. The design patterns provide a good foundation for improving the communication of domain experts by connecting security and quality concerns.

Classic black-box adversarial attacks can take advantage of transferable adversarial examples generated by a similar substitute model to successfully fool the target model. However, these substitute models need to be trained by target models' training data, which is hard to acquire due to privacy or transmission reasons. Recognizing the limited availability of real data for adversarial queries, recent works proposed to train substitute models in a data-free black-box scenario. However, their generative adversarial networks (GANs) based framework suffers from the convergence failure and the model collapse, resulting in low efficiency. In this paper, by rethinking the collaborative relationship between the generator and the substitute model, we design a novel black-box attack framework. The proposed method can efficiently imitate the target model through a small number of queries and achieve high attack success rate. The comprehensive experiments over six datasets demonstrate the effectiveness of our method against the state-of-the-art attacks. Especially, we conduct both label-only and probability-only attacks on the Microsoft Azure online model, and achieve a 100% attack success rate with only 0.46% query budget of the SOTA method [49].

DDoS attacks still represent a severe threat to network services. While there are more or less workable solutions to defend against these attacks, there is a significant space for further research regarding automation of reactions and subsequent management. In this paper, we focus on one piece of the whole puzzle. We strive to automatically infer filtering rules which are specific to the current DoS attack to decrease the time to mitigation. We employ a machine learning technique to create a model of the traffic mix based on observing network traffic during the attack and normal period. The model is converted into the filtering rules. We evaluate our approach with various setups of hyperparameters. The results of our experiments show that the proposed approach is feasible in terms of the capability of inferring successful filtering rules.

Axie infinity is a complicated card game with a huge-scale action space. This makes it difficult to solve this challenge using generic Reinforcement Learning (RL) algorithms. We propose a hybrid RL framework to learn action representations and game strategies. To avoid evaluating every action in the large feasible action set, our method evaluates actions in a fixed-size set which is determined using action representations. We compare the performance of our method with two baseline methods in terms of their sample efficiency and the winning rates of the trained models. We empirically show that our method achieves an overall best winning rate and the best sample efficiency among the three methods.

The design of safety-critical embedded systems is a complex process that involves the reuse of proven solutions to fulfill a set of requirements. While safety is considered as the major requirement to be satisfied in safety-critical embedded systems, the security attacks can affect the security as well as the safety of these systems. Therefore, ensuring the security of the safety-critical embedded systems is as important as ensuring the safety requirements. The concept of design patterns, which provides common solutions to widely recurring design problems, have been extensively engaged in the design of the hardware and software in many fields, including embedded systems. However, there is an inadequacy of experience with security patterns in the field of safety-critical embedded systems. To address this problem, this paper proposes an approach to integrate security patterns with safety patterns in the design of safety-critical embedded systems. Moreover, it presents a customized representation for security patterns to be more relevant to the common safety patterns in the context of safety-critical embedded systems.

Cyberspace is vulnerable to continuous malicious attacks. Traceability of network attacks is an effective defense means to curb and counter network attacks. In this paper, the evolutionary game model is used to analyze the network attack and defense behavior. On the basis of the quantification of attack and defense benefits, the replication dynamic learning mechanism is used to describe the change process of the selection probability of attack and defense strategies, and finally the evolutionary stability strategies and their solution curves of both sides are obtained. On this basis, the attack behavior is analyzed, and the probability curve of attack strategy and the optimal attack strategy are obtained, so as to realize the effective traceability of attack behavior.

Due to its decentralized trust mechanism, blockchain is increasingly used as a trust intermediary for multi-party cooperation to reduce the cost and risk of maintaining centralized trust nowadays. And as the requirements for privacy and high throughput, consortium blockchain is widely used in data sharing and business cooperation in practical application scenarios. Nowadays, the protection of traditional medicine has been regarded as human intangible cultural heritage in recent years, but this kind of protection still faces the problem that traditional medicine prescriptions are unsuitable for disclosure and difficult to protect. Hyperledger is a consortium blockchain featuring authorized access, high throughput, and tamper-resistance, making it ideal for privacy protection and information depository in traditional medicine protection. This study proposes a solution for intellectual property protection of traditional medicine by using a blockchain platform to record prescription iterations and clinical trial data. The privacy and confidentiality of Hyperledger can keep intellectual property information safe and private. In addition, the author proposes to invite the Patent Offices and legal institutions to join the blockchain network, maintain users' properties and issue certificates, which can provide a legal basis for rights protection when infringement occurs. Finally, the researchers have built a system corresponding to the scheme and tested the system. The test outcomes of the system can explain the usability of the system. And through the test of system throughput, under low system configuration, it can reach about 200 query operations per second, which can meet the application requirements of relevant organizations and governments.

Secured data transmission between one to many authorized users is achieved through Broadcast Encryption (BE). In BE, the source transmits encrypted data to multiple registered users who already have their decrypting keys. The Untrustworthy users, known as Traitors, can give out their secret keys to a hacker to form a pirate decoding system to decrypt the original message on the sly. The process of detecting the traitors is known as Traitor Tracing in cryptography. This paper presents a new Black Box Tracing method that is fully collusion resistant and it is designated as Traitor Tracing in Broadcast Encryption using Vector Keys (TTBE-VK). The proposed method uses integer vectors in the finite field Zp as encryption/decryption/tracing keys, reducing the computational cost compared to the existing methods.

MQTT is widely adopted by IoT devices because it allows for the most efficient data transfer over a variety of communication lines. The security of MQTT has received increasing attention in recent years, and several studies have demonstrated the configurations of many MQTT brokers are insecure. Adversaries are allowed to exploit vulnerable brokers and publish malicious messages to subscribers. However, little has been done to understanding the security issues on the device side when devices handle unauthorized MQTT messages. To fill this research gap, we propose a fuzzing framework named ShadowFuzzer to find client-side vulnerabilities when processing incoming MQTT messages. To avoiding ethical issues, ShadowFuzzer redirects traffic destined for the actual broker to a shadow broker under the control to monitor vulnerabilities. We select 15 IoT devices communicating with vulnerable brokers and leverage ShadowFuzzer to find vulnerabilities when they parse MQTT messages. For these devices, ShadowFuzzer reports 34 zero-day vulnerabilities in 11 devices. We evaluated the exploitability of these vulnerabilities and received a total of 44,000 USD bug bounty rewards. And 16 CVE/CNVD/CN-NVD numbers have been assigned to us.

Transient stability accidents induced by converter-based resources have been emerging frequently around the world. In this paper, the transient stability of the grid-tied voltage source converter (VSC) system is studied through estimating the basin of attraction (BOA) based on the hyperplane or hypersurface method. Meanwhile, fault critical clearing times are estimated, based on the approximated BOA and numerical fault trajectory. Further, the dynamic security region (DSR), an important index in traditional power systems, is extended to power-electronics-dominated power systems in this paper. The DSR of VSC is defined in the space composed of active current references. Based on the estimated BOA, the single-VSC-infinite-bus system is taken as an example and its DSR is evaluated. Finally, all these analytical results are well verified by several numerical simulations in MATLAB/Simulink.

With the global transition to the IPv6 (Internet Protocol version 6), IP (Internet Protocol) validation efficiency and IPv6 support from the aspect of network programming are gaining more importance. As global computer networks grow in the era of IoT (Internet of Things), IP address validation is an inevitable process for assuring strong network privacy and security. The complexity of IP validation has been increased due to the rather drastic change in the memory architecture needed for storing IPv6 addresses. Low-level programming languages like C/C++ are a great choice for handling memory spaces and working with simple devices connected in an IoT (Internet of Things) network. This paper analyzes some user-defined and open-source implementations of IP validation codes in Boost. Asio and POCO C++ networking libraries, as well as the IP security support provided for general networking purposes and IoT. Considering a couple of sample codes, the paper gives a conclusion on whether these C++ implementations answer the needs for flexibility and security of the upcoming era of IPv6 addressed computers.

True Random Number Generator (TRNG) is an important hardware security primitive for system security. TRNGs are capable of providing random bits for initialization vectors in encryption engines, for padding and nonces in authentication protocols and for seeds to pseudo random number generators (PRNG). A TRNG needs to meet the same statistical quality standards as a physical unclonable function (PUF) with regard to randomness and uniqueness, and therefore one can envision a unified architecture for both functions. In this paper, we investigate a FPGA implementation of a TRNG using the Shift-register Reconvergent-Fanout (SiRF) PUF. The SiRF PUF measures path delays as a source of entropy within a engineered logic gate netlist. The delays are measured at high precision using a time-to-digital converter, and then processed into a random bitstring using a series of linear-time mathematical operations. The SiRF PUF algorithm that is used for key generation is reused for the TRNG, with simplifications that improve the bit generation rate of the algorithm. This enables the TRNG to leverage both fixed PUF-based entropy and random noise sources, and makes the TRNG resilient to temperature-voltage attacks. TRNG bitstrings generated from a programmable logic implementation of the SiRF PUF-TRNG on a set of FPGAs are evaluated using statistical testing tools.

In this paper, a novel composite right/left-handed transmission line (CRLH TL) 3-unit cell is presented for finding excellent time-delay (TD) efficiency of Chipless RFID's True-Time-Delay Lines (TTDLs). RFID (Radio Frequency Identification) is a non-contact automatic identification technology that uses radio frequency (RF) signals to identify target items automatically and retrieve pertinent data without the need for human participation. However, as compared to barcodes, RFID tags are prohibitively expensive and complex to manufacture. Chipless RFID tags are RFID tags that do not contain silicon chips and are therefore less expensive and easier to manufacture. It combines radio broadcasting technology with radar technology. Radio broadcasting technology use radio waves to send and receive voice, pictures, numbers, and symbols, whereas radar technology employs the radio wave reflection theory. Chipless RFID lowers the cost of sensors such as gas, temperature, humidity, and pressure. In addition, Chipless RFID tags can be used as sensors which are also required for security purposes and future IoT applications.

The blockchain network is often considered a reliable and secure network. However, some security attacks, such as eclipse attacks, have a significant impact on blockchain networks. In order to perform an eclipse attack, the attacker must be able to control enough IP addresses. This type of attack can be mitigated by blocking incoming connections. Connected machines may only establish outbound connections to machines they trust, such as those on a whitelist that other network peers maintain. However, this technique is not scalable since the solution does not allow nodes with new incoming communications to join the network. In this paper, we propose a scalable and secure trust-based solution against eclipse attacks with a peer-selection strategy that minimizes the probability of eclipse attacks from nodes in the network by developing a trust point. Finally, we experimentally analyze the proposed solution by creating a network simulation environment. The analysis results show that the proposed solution reduces the probability of an eclipse attack and has a success rate of over 97%.

With the continuous development of vehicular ad hoc networks (VANETs), it brings great traffic convenience. How-ever, it is still a difficult problem for malicious vehicles to spread false news. In order to ensure the reliability of the message, an effective trust management model must be established, so that malicious vehicles can be detected and false information can be identified in the vehicle ad hoc network in time. This paper presents a trust management model based on machine learning and active detection technology, which evaluates the trust of vehicles and events to ensure the credibility of communication. Through the active detection mechanism, vehicles can detect the indirect trust of their neighbors, which improves the filtering speed of malicious nodes. Bayesian classifier can judge whether a vehicle is a malicious node by the state information of the vehicle, and can limit the behavior of the malicious vehicle at the first time. The simulation results show that our scheme can obviously restrict malicious vehicles.

In response to the vulnerabilities in traditional perimeter-based network security, the zero trust framework is a promising approach to secure modern network systems and address the challenges. The core of zero trust security is agent-centric trust evaluation and trust-based security decisions. The challenges, however, arise from the limited observations of the agent's footprint and asymmetric information in the decision-making. An effective trust policy needs to tradeoff between the security and usability of the network. The explainability of the policy facilitates the human understanding of the policy, the trust of the result, as well as the adoption of the technology. To this end, we formulate a zero-trust defense model using Partially Observable Markov Decision Processes (POMDP), which captures the uncertainties in the observations of the defender. The framework leads to an explainable trust-threshold policy that determines the defense policy based on the trust scores. This policy is shown to achieve optimal performance under mild conditions. The trust threshold enables an efficient algorithm to compute the defense policy while providing online learning capabilities. We use an enterprise network as a case study to corroborate the results. We discuss key factors on the trust threshold and illustrate how the trust threshold policy can adapt to different environments.

The vast proliferation of the connected devices makes the operation of the traditional networks so complex and drops the network performance, particularly, failure cases. In fact, a novel solution is proposed to enable the management of the network resources and services named software defined network (SDN). SDN splits the data plane and the control plane by centralizing all the control plane on one common platform. Further, SDN makes the control plane programmable by offering high flexibility for the network management and monitoring mostly in failure cases. However, the main challenge in SDN is security that is presented as the first barrier for its development. Security in SDN is presented at various levels and forms, particularly, the communication between the data plane and control plane that presents a weak point in SDN framework. In this article, we suggest a new security framework focused on the combination between the trust and awareness concepts (TAS-SDN) for a dynamic southbound communication SDN. Further, TAS-SDN uses trust levels to establish a secure communication between the control plane and data plane. As a result, we discuss the implementation and the performance of TAS-SDN which presents a promote security solution in terms of time execution, complexity and scalability for SDN.

This paper proposes a new two-stage encryption method to increase the cryptographic strength of the AES algorithm, which is based on stochastic error of a neural network. The composite encryption key in AES neural network cryptosystem are the weight matrices of synaptic connections between neurons and the metadata about the architecture of the neural network. The stochastic nature of the prediction error of the neural network provides an ever-changing pair key-ciphertext. Different topologies of the neural networks and the use of various activation functions increase the number of variations of the AES neural network decryption algorithm. The ciphertext is created by the forward propagation process. The encryption result is reversed back to plaintext by the reverse neural network functional operator.

We present a novel chaotic laser coding technology of alternate variable secret-key (AVSK) for optics secure communication using alternate variable orbits (AVOs) method. We define the principle of chaotic AVSK encoding and decoding, and introduce a chaotic AVSK communication platform and its coding scheme. And then the chaotic AVSK coding technology be successfully achieved in encrypted optics communications while the presented AVO function, as AVSK, is adjusting real-time chaotic phase space trajectory, where the AVO function and AVSK according to our needs can be immediately variable and adjustable. The coding system characterizes AVSK of emitters. And another combined AVSK coding be discussed. So the system's security enhances obviously because it increases greatly the difficulty for intruders to decipher the information from the carrier. AVSK scheme has certain reference value for the research of chaotic laser secure communication and laser network synchronization.