Biblio

Cyber attacks against automobiles have increased over the last decade due to the expansion in attack surfaces. This is the result of modern automobiles having connections such as Bluetooth, WiFi, and other broadband services. While there has been numerous proposed solutions in the literature, none have been widely adopted as maintaining real-time message deliverability in the Controller Area Networks (CAN) outweighs proposed security solutions. Through iterative research, we have developed a solution which mitigates an attacker's impact on the CAN bus by using CAN's inherent features of arbitration, error detection and signaling, and fault confinement mechanism. The solution relies on an access controller and message priority thresholds added to the CAN data-link layer. The results provide no time delay for non-malicious traffic and mitigates bus impact of a subverted node attempting to fabricate messages at an unauthorized priority level.

The Internet of Things (IoT) is exploding. It is made up of billions of smart devices -from minuscule chips to mammoth machines - that use wireless technology to talk to each other (and to us). IoT infrastructures can vary from instrumented connected devices providing data externally to smart, and autonomous systems. To accompany data explosion resulting, among others, from IoT, Big data analytics processes examine large data sets to uncover hidden patterns, unknown correlations between collected events, either at a very technical level (incident/anomaly detection, predictive maintenance) or at business level (customer preferences, market trends, revenue opportunities) to provide improved operational efficiency, better customer service, competitive advantages over rival organizations, etc. In order to capitalize business value of the data generated by IoT sensors, IoT, Big Data Analytics/IA need to meet in the middle. One critical use case for IoT is to warn organizations when a product or service is at risk. The aim of this paper is to present a first proposal of IoT-Big Data-IA architectural patterns catalogues with a Blockchain implementation perspective in seek of design methodologies artifacts.

Verbal and non-verbal behaviors that we use in order to effectively communicate with other people are vital for our success in our daily lives. Despite the importance of social skills, creating standardized methods for training them and supporting their training is challenging. Information and Communications Technology (ICT) may have a good potential to support social and emotional learning (SEL) through virtual social demonstration games. This paper presents initial work involving the design of a pedagogical scenario to facilitate teaching of socially appropriate and inappropriate behaviors when entering and standing in a small group of people, a common occurrence in collaborative social situations. This is achieved through the use of virtual characters and, initially, virtual reality (VR) environments for supporting situated learning in multiple contexts. We describe work done thus far on the demonstrator scenario and anticipated potentials, pitfalls and challenges involved in the approach.

Due to the leakage of privacy information in the sensitive region of trajectory anonymity publishing, which is resulted by the attack, this paper aims at the trajectory anonymity algorithm of division of region. According to the start stop time of the trajectory, the current sensitive region is found with the k-anonymity set on the synchronous trajectory. If the distance between the divided sub-region and the adjacent anonymous area is not greater than the threshold d, the area will be combined. Otherwise, with the guidance of location mapping, the forged location is added to the sub-region according to the original location so that the divided sub-region can meet the principle of k-anonymity. While the forged location retains the relative position of each point in the sensitive region, making that the divided sub-region and the original Regional anonymity are consistent. Experiments show that compared with the existing trajectory anonymous algorithm and the synchronous trajectory data set with the same privacy, the algorithm is highly effective in both privacy protection and validity of data quality.

With the development of cloud computing technology in the Internet of Things (IoT), the trajectory privacy in location-based services (LBSs) has attracted much attention. Most of the existing work adopts point-to-point and centralized models, which will bring a heavy burden to the user and cause performance bottlenecks. Moreover, previous schemes did not consider both online and offline trajectory protection and ignored some hidden background information. Therefore, in this paper, we design a trajectory protection scheme based on fog computing and k-anonymity for real-time trajectory privacy protection in continuous queries and offline trajectory data protection in trajectory publication. Fog computing provides the user with local storage and mobility to ensure physical control, and k-anonymity constructs the cloaking region for each snapshot in terms of time-dependent query probability and transition probability. In this way, two k-anonymity-based dummy generation algorithms are proposed, which achieve the maximum entropy of online and offline trajectory protection. Security analysis and simulation results indicate that our scheme can realize trajectory protection effectively and efficiently.

Various aspects of security and privacy in many application domains can be assessed based on proper analysis of successive measurements that are collected on a given system. This work is devoted to such issues in the context of timed stochastic Petri net models. We assume that certain events and part of the marking trajectories are observable to adversaries who aim to determine when the system is performing secret operations, such as time intervals during which the system is executing certain critical sequences of events (as captured, for instance, in language-based opacity formulations). The combined use of the k-step trajectory-observer and the Markov model of the stochastic Petri net leads to probabilistic indicators helpful for evaluating language-based opacity of the given system, related timing aspects, and possible strategies to improve them.

Software Defined Networking (SDN) has emerged as a revolutionary paradigm to manage cloud infrastructure. SDN lacks scalable trust setup and verification mechanism between Data Plane-Control Plane elements, Control Plane elements, and Control Plane-Application Plane. Trust management schemes like Public Key Infrastructure (PKI) used currently in SDN are slow for trust establishment in a larger cloud environment. We propose a distributed trust mechanism - TRUFL to establish and verify trust in SDN. The distributed framework utilizes parallelism in trust management, in effect faster transfer rates and reduced latency compared to centralized trust management. The TRUFL framework scales well with the number of OpenFlow rules when compared to existing research works.

Hypergame theory has been used to model advantages in decision making. This research provides a formal representation of deception to further extend the hypergame model. In order to extend the model, we propose a hypergame theoretic framework based on temporal logic to model decision making under the potential for trust and deception. Using the temporal hypergame model, the concept of trust is defined within the constraints of the model. With a formal definition of trust in hypergame theory, the concepts of distrust, mistrust, misperception, and deception are then constructed. These formal definitions are then applied to an Attacker-Defender hypergame to show how the deception within the game can be formally modeled; the model is presented. This demonstrates how hypergame theory can be used to model trust, mistrust, misperception, and deception using a formal model.

Public Key Infrastructure (PKI) has been popularized in many scenarios such as e-government applications, enterprises, etc. Due to the construction of PKI system of various regions and departments, there formed a lot of isolated PKI management domains, cross-domain authentication has become a problem that cannot ignored, which also has some traditional solutions such as cross-authentication, trust list, etc. However, some issues still exist, which hinder the popularity of unified trust services. For example, lack of unified cross domain standard, the update period of Certificate Revocation List (CRL) is too long, which affects the security of cross-domain authentication. In this paper, we proposed a trust transferring model by using blockchain consensus instead of traditional trusted third party for e-government applications. We exploit how to solve the unified trust service problem of PKI at the national level through consensus and transfer some CA management functions to the blockchain. And we prove the scheme's feasibility from engineering perspective. Besides, the scheme has enough scalability to satisfy trust transfer requirements of multiple PKI systems. Meanwhile, the security and efficiency are also guaranteed compared with traditional solutions.

The performance of the trust evaluation strategy depends on the accuracy and rationality of the trust evaluation weight system. Trust is a difficult to accurate measurement and quantitative cognition in the heart, the trust of the traditional evaluation method has a strong subjectivity and fuzziness and uncertainty. This paper uses the AHP method to determine the trust evaluation index weight, and combined with grey system theory to build trust gray evaluation model. The use of gray assessment based on the whitening weight function in the evaluation process reduces the impact of the problem that the evaluation result of the trust evaluation is not easy to accurately quantify when the decision fuzzy and the operating mechanism are uncertain.

Mobile cloud computing has the features of resource constraints, openness, and uncertainty which leads to the high uncertainty on its quality of service (QoS) provision and serious security risks. Therefore, when faced with complex service requirements, an efficient and reliable service composition approach is extremely important. In addition, preference learning is also a key factor to improve user experiences. In order to address them, this paper introduces a three-layered trust-enabled service composition model for the mobile cloud computing systems. Based on the fuzzy comprehensive evaluation method, we design a novel and integrated trust management model. Service brokers are equipped with a learning module enabling them to better analyze customers' service preferences, especially in cases when the details of a service request are not totally disclosed. Because traditional methods cannot totally reflect the autonomous collaboration between the mobile cloud entities, a prototype system based on the multi-agent platform JADE is implemented to evaluate the efficiency of the proposed strategies. The experimental results show that our approach improves the transaction success rate and user satisfaction.

Bluetooth enables excellent mobility in Brain Computer Interface (BCI) research and other use cases including ambulatory care, telemedicine, fitness tracking and mindfulness training. Although significant research exists for an all-encompassing BCI performance rating, almost all the literature addresses performance in terms of brain state or brain function classification accuracy. For the few published experiments that address BCI hardware performance, they too, focused on improving classification accuracy. This paper explores some of the more recent studies and proposes a trusted performance rating for BCI applications based on the enhanced privacy, yet reduced bandwidth needs of mobile EEG-based BCI applications. This paper proposes a set of Bluetooth operating parameters required to meet the performance, usability and privacy requirements of reliable and secure mobile neuro-feedback applications. It presents a rating model, "Trusted Mobile BCI", based on those operating parameters, and validated the model with studies that leveraged mobile BCI technology.

Two-factor authentication (2FA) is widely prevalent in banking, emails and virtual private networks (VPN) connections or in accessing any secure web service. In 2FA, to get authenticated the users are expected to provide additional secret information along with the password. Typically, this secret information (tokens) is generated by a centralized trusted third party upon receiving an authentication request from users. Thus, this additional layer of security comes at the cost of inherently trusting the third party for their services. The security of such authentication systems is always under the threat of the trusted party is being compromised. In this paper, we propose a novel approach to make server authentication even more secure by building 2FA over the blockchain platform which is distributed in nature. The proposed solution does not require any trusted third party between claimant (user) and the verifier (server) for the authentication purpose. To demonstrate the idea of using blockchain technology for 2FA, we have added an extra layer of security component to the OpenSSH server a widely used application for Secure Shell (SSH) protocol.

As part of its ongoing efforts to meet the increased spectrum demand, the Federal Communications Commission (FCC) has recently opened up 150 MHz in the 3.5 GHz band for shared wireless broadband use. Access and operations in this band, aka Citizens Broadband Radio Service (CBRS), will be managed by a dynamic spectrum access system (SAS) to enable seamless spectrum sharing between secondary users (SUs) and incumbent users. Despite its benefits, SAS's design requirements, as set by FCC, present privacy risks to SUs, merely because SUs are required to share sensitive operational information (e.g., location, identity, spectrum usage) with SAS to be able to learn about spectrum availability in their vicinity. In this paper, we propose TrustSAS, a trustworthy framework for SAS that synergizes state-of-the-art cryptographic techniques with blockchain technology in an innovative way to address these privacy issues while complying with FCC's regulatory design requirements. We analyze the security of our framework and evaluate its performance through analysis, simulation and experimentation. We show that TrustSAS can offer high security guarantees with reasonable overhead, making it an ideal solution for addressing SUs' privacy issues in an operational SAS environment.

The popularity of web applications and their world-wide use to support business critical operations raised the interest of hackers on exploiting security vulnerabilities to perform malicious operations. Fostering trust calls for assessment techniques that provide indicators about the quality of a web application from a security perspective. This paper studies the problem of using coding practices to characterize the trustworthiness of web applications from a security perspective. The hypothesis is that applying feasible security practices results in applications having a reduced number of unknown vulnerabilities, and can therefore be considered more trustworthy. The proposed approach is instantiated for the concrete case of input validation practices, and includes a Quality Model to compute trustworthiness scores that can be used to compare different applications or different code elements in the same application. Experimental results show that the higher scores are obtained for more secure code, suggesting that it can be used in practice to characterize trustworthiness, also providing guidance to compare and/or improve the security of web applications.

The idea behind collective perception is to improve vehicles' awareness about their surroundings. Every vehicle shares information describing its perceived environment by means of V2X communication. Similar to other information shared using V2X communication, collective perception information is potentially safety relevant, which means there is a need to assess the reliability and quality of received information before further processing. Transmitted information may have been forged by attackers or contain inconsistencies e.g. caused by malfunctions. This paper introduces a novel approach for estimating a belief that a pair of entities, e.g. two remote vehicles or the host vehicle and a remote vehicle, within a Vehicular ad hoc Network (VANET) are both trustworthy. The method updates the belief based on the consistency of the data that both entities provide. The evaluation shows that the proposed method is able to identify forged information.

The concept of social networking is integrated into Internet of things (IoT) to socialize smart objects by mimicking human behaviors, leading to a new paradigm of Social Internet of Things (SIoT). A crucial problem that needs to be solved is how to establish reliable relationships autonomously among objects, i.e., building trust. This paper focuses on exploring an efficient context-aware trustworthiness inference framework to address this issue. Based on the sociological and psychological principles of trust generation between human beings, the proposed framework divides trust into two types: familiarity trust and similarity trust. The familiarity trust can be calculated by direct trust and recommendation trust, while the similarity trust can be calculated based on external similarity trust and internal similarity trust. We subsequently present concrete methods for the calculation of different trust elements. In particular, we design a kernel-based nonlinear multivariate grey prediction model to predict the direct trust of a specific object, which acts as the core module of the entire framework. Besides, considering the fuzziness and uncertainty in the concept of trust, we introduce the fuzzy logic method to synthesize these trust elements. The experimental results verify the validity of the core module and the resistance to attacks of this framework.

Internet of Things (IoT) as per estimated will connect 50 billion devices by 2020. Since its evolution, IoT technology provides lots of flexibility to develop and implement any application. Most of the application improves the human living standard and also makes life easy to access and monitoring the things in real time. Though there exist some security and privacy issues in IoT system like authentication, computation, data modification, trust among users. In this paper, we have identified the IoT application like insurance, supply chain system, smart city and smart car where trust among associated users is an major issue. The current centralized system does not provide enough trust between users. Using Blockchain technology we have shown that trust issue among users can be managed in a decentralized way so that information can be traceable and identify/verify any time. Blockchain has properties like distributed, digitally share and immutable which enhance security. For Blockchain implementation, Ethereum platform is used.

Authorizing access to the public cloud has evolved over the last few years, from simple user authentication and password authentication to two-factor authentication (TOTP), with the addition of an additional field for entering a unique code. Today it is used by almost all major websites such as Facebook, Microsoft, Apple and is a frequently used solution for banking websites. On the other side, the private cloud solutions like OpenStack, CloudStack or Eucalyptus doesn't offer this security improvement. This article is presenting the advantages of this new type of authentication and synthetizes the TOTP authentication forms used by major cloud providers. Furthermore, the article is proposing to solve this challenge by presenting a practical solution for adding two-factor authentication for OpenStack cloud. For this purpose, the web authentication form has been modified and a new authentication module has been developed. The present document covers as well the entire process of adding a TOTP user, generating and sending the secret code in QR form to the user. The study concludes with OpenStack tools used for simplifying the entire process presented above.

As an extension of Internet of Things (IoT) in transportation sector, the Internet of Vehicles (IoV) can greatly facilitate vehicle management and route planning. With ever-increasing penetration of IoV, the security and privacy of driving data should be guaranteed. Moreover, since vehicles are often left unattended with minimum human interventions, the onboard sensors are vulnerable to physical attacks. Therefore, the physically secure authentication and key agreement (AKA) protocol is urgently needed for IoV to implement access control and information protection. In this paper, physical unclonable function (PUF) is introduced in the AKA protocol to ensure that the system is secure even if the user devices or sensors are compromised. Specifically, PUF, as a hardware fingerprint generator, eliminates the storage of any secret information in user devices or vehicle sensors. By combining password with PUF, the user device cannot be used by someone else to be successfully authenticated as the user. By resorting to public key cryptography, the proposed protocol can provide anonymity and desynchronization resilience. Finally, the elaborate security analysis demonstrates that the proposed protocol is free from the influence of known attacks and can achieve expected security properties, and the performance evaluation indicates the efficiency of our protocol.

This study introduces formal methods for detection of vulnerabilities in binary code. It considers the transformation of binary code into behavior algebra expressions and formalization of vulnerabilities. The detection method has two levels: behavior matching and symbolic execution with vulnerability pattern matching. This enables more efficient performance.

In this paper we propose a two-level hybrid anomalous activity detection model for intrusion detection in IoT networks. The level-1 model uses flow-based anomaly detection, which is capable of classifying the network traffic as normal or anomalous. The flow-based features are extracted from the CICIDS2017 and UNSW-15 datasets. If an anomaly activity is detected then the flow is forwarded to the level-2 model to find the category of the anomaly by deeply examining the contents of the packet. The level-2 model uses Recursive Feature Elimination (RFE) to select significant features and Synthetic Minority Over-Sampling Technique (SMOTE) for oversampling and Edited Nearest Neighbors (ENN) for cleaning the CICIDS2017 and UNSW-15 datasets. Our proposed model precision, recall and F score for level-1 were measured 100% for the CICIDS2017 dataset and 99% for the UNSW-15 dataset, while the level-2 model precision, recall, and F score were measured at 100 % for the CICIDS2017 dataset and 97 % for the UNSW-15 dataset. The predictor we introduce in this paper provides a solid framework for the development of malicious activity detection in IoT networks.

The following topics are dealt with: Internet of Things; invasive software; security of data; program testing; reverse engineering; product codes; binary codes; decoding; maximum likelihood decoding; field programmable gate arrays.

Breach of security due to unauthorized access to electronic hardware devices or chips has recently become a serious concern for the internet-connected daily activities. Imaging with electron microscopy is one of the invasive techniques used to gain knowledge about a chip layout and extract secret information by the attackers. Automatic destruction or disturbance of the secret key during such invasive attacks are required to ensure protection against these attacks. We have characterized the disturbance caused to programmed phase change memory (PCM) cells by the imaging electron beam during scanning electron microscopy (SEM) in terms of the measured cell resistance. A sudden increase of resistance is observed on all imaged amorphous cells while the cells programmed to intermediate states show either abrupt increase or erratic decrease. These erratic disturbances of state are promising to mislead an attacker that is trying to acquire a stored key and leave indelible marks of tampering. Since PCM is recently being considered for implementation of various hardware security primitives, these beam-induced state change and tamper-evidence features enhance security of PCM devices against physical attacks.

Travelling Ionospheric Disturbances (TIDs) are ionospheric manifestations of internal atmospheric gravity waves (AGW) in the neutral atmosphere driven by near-Earth space dynamics and by lower atmosphere phenomena. They constitute a threat for operational systems such as precise navigation (e.g., EGNOS and NRTK) and high frequency geolocation as they can impose disturbances with amplitudes of up to 20% of the ambient electron density, and Doppler frequency shifts of the order of 0.5 Hz on HF signals. The Horizon 2020 Project TechTIDE (http://techtide.space.noa.gr/) funded by the European Commission aims at designing and testing new viable TID impact mitigation strategies for the technologies affected by developing a system able to calculate in real-time the main TID characteristics (velocity, amplitude, propagation drection), to realistically specify background ionospheric conditions and to specify those ionospheric characteristics whose perturbation, because of TIDs, cause the impact in each specific technology. The TechTIDE system will contribute new understanding of the physical processes resulting in the formation of TIDs, and will consequently help to identify the drivers in the interplanetary medium, the magnetosphere and the atmosphere. This paper will provide a description of the instrumentation involved and outline the project methodologies for the identification and tracking of TIDs based on the exploitation of real-time observations from networks of Digisonde, GNSS receivers and Continuous Doppler Sounding Systems.