Biblio

Utilization of Wireless sensor network is growing with the development in modern technologies. On other side electromagnetic spectrum is limited resources. Application of wireless communication is expanding day by day which directly threaten electromagnetic spectrum band to become congested. Cognitive Radio solves this issue by implementation of unused frequency bands as "White Space". There is another important factor that gets attention in cognitive model i.e: Wireless Security. One of the famous causes of security threat is malicious node in cognitive radio wireless sensor networks (CRWSN). The goal of this paper is to focus on security issues which are related to CRWSN as Fusion techniques, Co-operative Spectrum sensing along with two dangerous attacks in CR: Primary User Emulation (PUE) and Spectrum Sensing Data Falsification (SSDF).

Network-on-Chip (NoC) is the communication platform of the data among the processing cores in Multiprocessors System-on-Chip (MPSoC). NoC has become a target to security attacks and by outsourcing design, it can be infected with a malicious Hardware Trojan (HT) to degrades the system performance or leaves a back door for sensitive information leaking. In this paper, we proposed a HT model that applies a denial of service attack by deliberately discarding the data packets that are passing through the infected node creating a black hole in the NoC. It is known as Black Hole Router (BHR) attack. We studied the effect of the BHR attack on the NoC. The power and area overhead of the BHR are analyzed. We studied the effect of the locations of BHRs and their distribution in the network as well. The malicious nodes has very small area and power overhead, 1.98% and 0.74% respectively, with a very strong violent attack.

In this paper we present techniques based on machine learning techniques on monitoring data for analysis of cybersecurity threats in cloud environments that incorporate enterprise applications from the fields of telecommunications and IoT. Cybersecurity is a term describing techniques for protecting computers, telecommunications equipment, applications, environments and data. In modern networks enormous volume of generated traffic can be observed. We propose several techniques such as Support Vector Machines, Neural networks and Deep Neural Networks in combination for analysis of monitoring data. An approach for combining classifier results based on performance weights is proposed. The proposed approach delivers promising results comparable to existing algorithms and is suitable for enterprise grade security applications.

Searchable encryption (SE) supports privacy-preserving searches over encrypted data. Recent studies on SE have focused on improving efficiency of the schemes. However, it was shown that most of the previous SE schemes could reveal the client's queries even if they are encrypted, thereby leading to privacy violation. In order to solve the problem, several forward private SE schemes have been proposed in a single client environment. However, the previous forward private SE schemes have never been analyzed in multi-client settings. In this paper, we briefly review the previous forward private SE schemes. Then, we conduct a comparative analysis of them in terms of performance and forward privacy. Our analysis demonstrates the previous forward secure SE schemes highly depend on the file-counter. Lastly, we show that they are not scalable in multi-client settings due to the performance and security issue from the file-counter.

Mobile Adhoc Network (MANET) are the networks where network nodes uses wireless links to transfer information from one node to another without making use of existing infrastructure. There is no node in the network to control and coordinate establishment of connections between the network nodes. Hence the network nodes performs dual function of both node as well as router. Due to dynamically changing network scenarios, absence of centralization and lack of resources, MANETs have a threat of large number of security attacks. Hence security attacks need to be evaluated in order to find effective methods to avoid or remove them. In this paper malicious behavior of Blackhole attack and Rushing attack is studied and analyzed for QoS metrics.

This paper presents an analytical method for predicting the electromagnetic performance in permanent magnet (PM) machine with the spoke-type rotor (STR) and a proposed hybrid rotor structure (HRS), respectively. The key of this method is to combine magnetic field analysis model (MFAM) with the magnetic equivalent circuit model. The influence of the irregular PM shape is considered by the segmentation calculation. To obtain the boundary condition in the MFAM, respectively, two equivalent methods on the rotor side are proposed. In the STR, the average flux density of the rotor core outer-surface is calculated to solve the Laplace's equation with considering for the rotor core outer-surface eccentric. In the HRS, based on the Thevenin's theorem, the equivalent parameters of PM remanence BreB and thickness hpme are obtained as a given condition, which can be utilized to compute the air-gap flux density by conventional classic magnetic field analysis model of surface-mounted PMs with air-gap region. Finally, the proposed analytical models are verified by the finite element analysis (FEA) with comparisons of the air-gap flux density, flux linkage, back-EMF and electromagnetic torque, respectively. Furthermore, the performance that the machine with the proposed hybrid structure rotor can improve the torque density as explained.

Wireless sensor networks consist of various sensors that are deployed to monitor the physical world. And many existing security schemes use traditional cryptography theory to protect message content and contextual information. However, we are concerned about location security of nodes. In this paper, we propose an anonymous routing strategy for preserving location privacy (ARPLP), which sets a proxy source node to hide the location of real source node. And the real source node randomly selects several neighbors as receivers until the packets are transmitted to the proxy source. And the proxy source is randomly selected so that the adversary finds it difficult to obtain the location information of the real source node. Meanwhile, our scheme sets a branch area around the sink, which can disturb the adversary by increasing the routing branch. According to the analysis and simulation experiments, our scheme can reduce traffic consumption and communication delay, and improve the security of source node and base station.

Nowadays, IoT has crossed all borders and become ubiquitous in everyday life. This emerging technology has a huge success in closing the gap between the digital and the real world. However, security and privacy become huge concerns especially in the medical field which prevent the healthcare industry from adopting it despite its benefits and potentials. This paper focuses on identifying potential security threats to the IoMT and presents the security mechanisms to remove any possible impediment from immune information security of IoMT. A summarized framework of the layered-security model is proposed followed by a specific assessment review of each layer.

Many cybersecurity breaches occur due to users not following security regulations, chief among them regulations pertaining to what might be termed hygiene---including applying software patches to operating systems, updating software applications, and maintaining strong passwords. 

We capture cybersecurity expectations on users as norms. We empirically investigate sanctioning mechanisms in promoting compliance with those norms as well as the detrimental effect of sanctions on the ability of users to complete their work. We do so by developing a game that emulates the decision making of workers in a research lab. 

We find that relative to group sanctions, individual sanctions are more effective in achieving compliance and less detrimental on the ability of users to complete their work.
Our findings have implications for workforce training in cybersecurity.

Affective Computing is a rapidly growing field spurred by advancements in artificial intelligence, but often, held back by the inability to translate psychological theories of emotion into tractable computational models. To address this, we propose a probabilistic programming approach to affective computing, which models psychological-grounded theories as generative models of emotion, and implements them as stochastic, executable computer programs. We first review probabilistic approaches that integrate reasoning about emotions with reasoning about other latent mental states (e.g., beliefs, desires) in context. Recently-developed probabilistic programming languages offer several key desidarata over previous approaches, such as: (i) flexibility in representing emotions and emotional processes; (ii) modularity and compositionality; (iii) integration with deep learning libraries that facilitate efficient inference and learning from large, naturalistic data; and (iv) ease of adoption. Furthermore, using a probabilistic programming framework allows a standardized platform for theory-building and experimentation: Competing theories (e.g., of appraisal or other emotional processes) can be easily compared via modular substitution of code followed by model comparison. To jumpstart adoption, we illustrate our points with executable code that researchers can easily modify for their own models. We end with a discussion of applications and future directions of the probabilistic programming approach

Code reuse attacks can bypass the DEP mechanism effectively. Meanwhile, because of the stealthy of the operation, it becomes one of the most intractable threats while securing the information system. Although the security solutions of code randomization and diversity can mitigate the threat at a certain extent, attackers can bypass these solutions due to the high cost and coarsely granularity, and the memory disclosure vulnerability is another magic weapon which can be used by attackers to bypass these solutions. After analyzing the principle of memory disclosure vulnerability, we propose a novel code pointer hiding method based on a resilient area. We expatiate how to create the resilient area and achieve code pointer hiding from four aspects, namely hiding return addresses in data pages, hiding function pointers in data pages, hiding target pointers of instruction JUMP in code pages, and hiding target pointers of instruction CALL in code pages. This method can stop attackers from reading and analyzing pages in memory, which is a critical stage in finding and creating ROP chains while executing a code reuse attack. Lastly, we test the method contrastively, and the results show that the method is feasible and effective while defending against ROP attacks.

Industrial control systems (ICS) are systems used in critical infrastructures for supervisory control, data acquisition, and industrial automation. ICS systems have complex, component-based architectures with many different hardware, software, and human factors interacting in real time. Despite the importance of security concerns in industrial control systems, there has not been a comprehensive study that examined common security architectural weaknesses in this domain. Therefore, this paper presents the first in-depth analysis of 988 vulnerability advisory reports for Industrial Control Systems developed by 277 vendors. We performed a detailed analysis of the vulnerability reports to measure which components of ICS have been affected the most by known vulnerabilities, which security tactics were affected most often in ICS and what are the common architectural security weaknesses in these systems. Our key findings were: (1) Human-Machine Interfaces, SCADA configurations, and PLCs were the most affected components, (2) 62.86% of vulnerability disclosures in ICS had an architectural root cause, (3) the most common architectural weaknesses were “Improper Input Validation”, followed by “Im-proper Neutralization of Input During Web Page Generation” and “Improper Authentication”, and (4) most tactic-related vulnerabilities were related to the tactics “Validate Inputs”, “Authenticate Actors” and “Authorize Actors”.

Software security techniques rely on correct execution by the hardware. Securing hardware components has been challenging due to their complexity and the proportionate attack surface they present during their design, manufacture, deployment, and operation. Recognizing that external communication represents one of the greatest threats to a system's security, this paper introduces the TrustGuard containment architecture. TrustGuard contains malicious and erroneous behavior using a relatively simple and pluggable gatekeeping hardware component called the Sentry. The Sentry bridges a physical gap between the untrusted system and its external interfaces. TrustGuard allows only communication that results from the correct execution of trusted software, thereby preventing the ill effects of actions by malicious hardware or software from leaving the system. The simplicity and pluggability of the Sentry, which is implemented in less than half the lines of code of a simple in-order processor, enables additional measures to secure this root of trust, including formal verification, supervised manufacture, and supply chain diversification with less than a 15% impact on performance.

One of the latest emerging technologies is artificial intelligence, which makes the machine mimic human behavior. The most important component used to detect cyber attacks or malicious activities is the Intrusion Detection System (IDS). Artificial intelligence plays a vital role in detecting intrusions and widely considered as the better way in adapting and building IDS. In trendy days, artificial intelligence algorithms are rising as a brand new computing technique which will be applied to actual time issues. In modern days, neural network algorithms are emerging as a new artificial intelligence technique that can be applied to real-time problems. The proposed system is to detect a classification of botnet attack which poses a serious threat to financial sectors and banking services. The proposed system is created by applying artificial intelligence on a realistic cyber defense dataset (CSE-CIC-IDS2018), the very latest Intrusion Detection Dataset created in 2018 by Canadian Institute for Cybersecurity (CIC) on AWS (Amazon Web Services). The proposed system of Artificial Neural Networks provides an outstanding performance of Accuracy score is 99.97% and an average area under ROC (Receiver Operator Characteristic) curve is 0.999 and an average False Positive rate is a mere value of 0.001. The proposed system using artificial intelligence of botnet attack detection is powerful, more accurate and precise. The novel proposed system can be implemented in n machines to conventional network traffic analysis, cyber-physical system traffic data and also to the real-time network traffic analysis.

With advances in information and communication technologies, cities are getting smarter to enhance the quality of human life. In smart cities, safety (including security) is an essential issue. In this paper, by reviewing several safe city projects, smart city facilities for the safety are presented. With considering the facilities, a design for a crime intelligence system is introduced. Then, concentrating on how to support police activities (i.e., emergency call reporting reception, patrol activity, investigation activity, and arrest activity) with immersive technologies in order to reduce a crime rate and to quickly respond to emergencies in the safe city, smart policing with augmented reality (AR) and virtual reality (VR) is explained.

Reverse engineering is a manually intensive but necessary technique for understanding the inner workings of new malware, finding vulnerabilities in existing systems, and detecting patent infringements in released software. An assembly clone search engine facilitates the work of reverse engineers by identifying those duplicated or known parts. However, it is challenging to design a robust clone search engine, since there exist various compiler optimization options and code obfuscation techniques that make logically similar assembly functions appear to be very different. A practical clone search engine relies on a robust vector representation of assembly code. However, the existing clone search approaches, which rely on a manual feature engineering process to form a feature vector for an assembly function, fail to consider the relationships between features and identify those unique patterns that can statistically distinguish assembly functions. To address this problem, we propose to jointly learn the lexical semantic relationships and the vector representation of assembly functions based on assembly code. We have developed an assembly code representation learning model \textbackslashemphAsm2Vec. It only needs assembly code as input and does not require any prior knowledge such as the correct mapping between assembly functions. It can find and incorporate rich semantic relationships among tokens appearing in assembly code. We conduct extensive experiments and benchmark the learning model with state-of-the-art static and dynamic clone search approaches. We show that the learned representation is more robust and significantly outperforms existing methods against changes introduced by obfuscation and optimizations.

Cloud computing is widely believed to be the future of computing. It has grown from being a promising idea to one of the fastest research and development paradigms of the computing industry. However, security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. Likewise, the attributes of the cloud such as multi-tenancy, dynamic supply chain, limited visibility of security controls and system complexity, have exacerbated the challenge of assessing cloud risks. In this paper, we conduct a real-world case study to validate the use of a supply chaininclusive risk assessment model in assessing the risks of a multicloud SaaS application. Using the components of the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, we show how the model enables cloud service providers (CSPs) to identify critical suppliers, map their supply chain, identify weak security spots within the chain, and analyse the risk of the SaaS application, while also presenting the value of the risk in monetary terms. A key novelty of the CSCCRA model is that it caters for the complexities involved in the delivery of SaaS applications and adapts to the dynamic nature of the cloud, enabling CSPs to conduct risk assessments at a higher frequency, in response to a change in the supply chain.

With the widespread of cloud computing, the delegation of storage and computing is becoming a popular trend. Concerns on data integrity, security, user privacy as well as the correctness of execution are highlighted due to the untrusted remote data manipulation. Most of existing proposals solve the integrity checking and verifiable computation problems by challenge-response model, but are lack of scalability and reusability. Via blockchain, we achieve efficient and transparent public verifiable delegation for both storage and computing. Meanwhile, the smart contract provides API for request handling and secure data query. The security and privacy issues of data opening are settled by applying cryptographic algorithms all through the delegations. Additionally, any access to the outsourced data requires the owner's authentication, so that the dat transference and utilization are under control.

Ransomware, as a specialized form of malicious software, has recently emerged as a major threat in computer security. With an ability to lock out user access to their content, recent ransomware attacks have caused severe impact at an individual and organizational level. While research in malware detection can be adapted directly for ransomware, specific structural properties of ransomware can further improve the quality of detection. In this paper, we adapt the deep learning methods used in malware detection for detecting ransomware from emulation sequences. We present specialized recurrent neural networks for capturing local event patterns in ransomware sequences using the concept of attention mechanisms. We demonstrate the performance of enhanced LSTM models on a sequence dataset derived by the emulation of ransomware executables targeting the Windows environment.

ARGOS is a web service we implemented to offer face recognition Authentication Services (AaaS) to mobile and desktop (via the web browser) end users. The Authentication Services may be used by 3rd party service organizations to enhance their service offering to their customers. ARGOS implements a secure face recognition-based authentication service aiming to provide simple and intuitive tools for 3rd party service providers (like PayPal, banks, e-commerce etc) to replace passwords with face biometrics. It supports authentication from any device with 2D or 3D frontal facing camera (mobile phones, laptops, tablets etc.) and almost any operating systems (iOS, Android, Windows and Linux Ubuntu).

To protect sensitive information of an organization, we need to have proper access controls since several data breach incidents were happened because of broken access controls. Normally, the IT auditing process would be used to identify security weaknesses and should be able to detect any potential access control violations in advance. However, most auditing processes are done manually and not performed consistently since lots of resources are required; thus, the auditing is performed for quality assurance purposes only. This paper proposes an automated process to audit the access controls on the Windows server operating system. We define the audit checklist and use the controls defined in ISO/IEC 27002:2013 as a guideline for identifying audit objectives. In addition, an automated audit tool is developed for checking security controls against defined security policies. The results of auditing are the list of automatically generated passed and failed policies. If the auditing is done consistently and automatically, the intrusion incidents could be detected earlier and essential damages could be prevented. Eventually, it would help increase the reliability of the system.

Bitcoin is popular not only with consumers, but also with cybercriminals (e.g., in ransomware and online extortion, and commercial online child exploitation). Given the potential of Bitcoin to be involved in a criminal investigation, the need to have an up-to-date and in-depth understanding on the forensic acquisition and analysis of Bitcoins is crucial. However, there has been limited forensic research of Bitcoin in the literature. The general focus of existing research is on postmortem analysis of specific locations (e.g. wallets on mobile devices), rather than a forensic approach that combines live data forensics and postmortem analysis to facilitate the identification, acquisition, and analysis of forensic traces relating to the use of Bitcoins on a system. Hence, the latter is the focus of this paper where we present an open source tool for live forensic and postmortem analysing automatically. Using this open source tool, we describe a list of target artifacts that can be obtained from a forensic investigation of popular Bitcoin clients and Web Wallets on different web browsers installed on Windows 7 and Windows 10 platforms.

Accountability is a recent paradigm in security protocol design which aims to eliminate traditional trust assumptions on parties and hold them accountable for their misbehavior. It is meant to establish trust in the first place and to recognize and react if this trust is violated. In this work, we discuss a protocol-agnostic definition of accountability: a protocol provides accountability (w.r.t. some security property) if it can identify all misbehaving parties, where misbehavior is defined as a deviation from the protocol that causes a security violation. We provide a mechanized method for the verification of accountability and demonstrate its use for verification and attack finding on various examples from the accountability and causality literature, including Certificate Transparency and Krollˆ\textbackslashtextbackslashprimes Accountable Algorithms protocol. We reach a high degree of automation by expressing accountability in terms of a set of trace properties and show their soundness and completeness.

Enforcement of hypersafety security policies such as noninterference can be achieved through Secure Multi-Execution (SME). While this is typically very resource-intensive, more efficient solutions such as Demand-Driven Secure Multi-Execution (DDSME) exist. Here, the resource requirements are reduced by restricting multi-execution enforcement to critical sections in the code. However, the current solution requires manual binary analysis. In this paper, we propose a fully automatic critical section analysis. Our analysis extracts a context-sensitive boundary of all nodes that handle information from the reachability relation implied by the control-flow graph. We also provide evaluation results, demonstrating the correctness and acceleration of DDSME with our analysis.

With the growing scale of Cyber-Physical Systems (CPSs), it is challenging to maintain their stability under all operating conditions. How to reduce the downtime and locate the failures becomes a core issue in system design. In this paper, we employ a hierarchical contract-based resilience framework to guarantee the stability of CPS. In this framework, we use Assume Guarantee (A-G) contracts to monitor the non-functional properties of individual components (e.g., power and latency), and hierarchically compose such contracts to deduce information about faults at the system level. The hierarchical contracts enable rapid fault detection in large-scale CPS. However, due to the vast number of components in CPS, manually designing numerous contracts and the hierarchy becomes challenging. To address this issue, we propose a technique to automatically decompose a root contract into multiple lower-level contracts depending on I/O dependencies between components. We then formulate a multi-objective optimization problem to search the optimal parameters of each lower-level contract. This enables automatic contract refinement taking into consideration the communication overhead between components. Finally, we use a case study from the manufacturing domain to experimentally demonstrate the benefits of the proposed framework.