Open Systems and Security, 2014


 

Open systems historically seemed "immune" to cyber-attacks because hackers used the same software. But increasingly, open systems vulnerabilities are being exploited. The articles cited here explore various aspects of open systems security, including resource sharing, software specifications, attack vectors and dependability. Nearly five hundred research articles on the subject of open systems and security were published in 2014. The ones cited here appear to have the most direct relevance to the Science of Security and cyber-physical systems.


 

Azhar, I.; Ahmed, N.; Abbasi, A.G.; Kiani, A.; Shibli, A., "Keeping Secret Keys Secret In Open Systems," Open Source Systems and Technologies (ICOSST), 2014 International Conference on, pp. 100, 104, 18-20 Dec. 2014. doi: 10.1109/ICOSST.2014.7029328
Abstract: Security of cryptographic keys stored on an untrusted host is a challenging task. Casual storage of keys could lead to an unauthorized access using physical means. If an adversary can access the binary code, the key material can be easily extracted using well-known key-finding techniques. This paper proposes a new technique for securing keys within software. In our proposed technique, we transform keys (randomly generated bit-strings) to a set of randomized functions, which are then compiled and obfuscated together to form a secure application. When the keys are required at the run-time, an inverse transform is computed by the application dynamically to yield the original bit-strings. We demonstrate that our technique resists attacks by many entropy based key finding algorithms that scan the host's RAM at run-time.
Keywords: computer network security; cryptography; inverse transforms; open systems; RAM; binary code; cryptographic key security; entropy-based key finding algorithm; inverse transform; key material; key-finding technique; open systems; randomized functions; randomly-generated bit-strings; secret keys; Availability; Cryptography; Heuristic algorithms; Lead; Open systems; Software; Key Hiding; Open System Security; White-Box Model (ID#: 15-5253)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7029328&isnumber=7029304

 

Shand, C.; McMorran, A.; Taylor, G., "Integration And Adoption Of Open Data Standards For Online And Offline Power System Analysis," Power Engineering Conference (UPEC), 2014 49th International Universities, pp. 1, 6, 2-5 Sept. 2014. doi: 10.1109/UPEC.2014.6934667
Abstract: The scalable communication, processing and storage of data within a power network is becoming more and more necessary to ensure the reliability of the grid and maintain the security of supply to consumers. Not all communications are performed in the same timeframe, at the same frequency, or at the same time of day; this results in problems when trying to coordinate a power network and the necessary data exchange. Different open or proprietary standards are often incompatible with each other both in terms of their communication protocols and data models. This causes electricity companies and standards groups to develop their own method of data exchange thus resulting in problems for exchanging and integrating this data, both internally and externally. Overcoming the challenges with incompatible data structure, serialisation formats and communication protocols will make it easier to integrate systems and realise the potential of being able to integrate data across domains. These include the ability to integrate real-time data into offline analysis tools; or utilising smart-meter data to enable true real-time pricing for electricity markets.
Keywords: data communication; power distribution economics; power grids; power markets; power supplies to apparatus; power system security; power transmission economics; protocols; communication protocol; data exchange; data storage model; electricity company; electricity consumer; electricity market; offline power system analysis; online power system analysis; open data standard integration; power network grid reliability; power supply security; scalable communication; smart meter; Computer integrated manufacturing; Data models; IEC standards; Phasor measurement units; Protocols; Real-time systems; Communication; Data Exchange; Open Standards; Power System Analysis (ID#: 15-5254)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6934667&isnumber=6934581

 

Subin Shen; Carugi, M., "Standardizing The Internet Of Things In An Evolutionary Way," ITU Kaleidoscope Academic Conference: Living In A Converged World - Impossible Without Standards?, Proceedings of the 2014, pp. 249, 254, 3-5 June 2014. doi: 10.1109/Kaleidoscope.2014.6858472
Abstract: The current situation of technology separation among the different application domains of the Internet of Things (IoT) results in a market separation per application domain. This issue hinders the technical innovation and investments in the IoT business. In order to solve the issue, it is necessary to standardize common technologies of the IoT across the different application domains. This paper argues that the key direction of the future standardization of the IoT is not standardizing specific technologies, but building over a standardized new architecture reference model for the IoT. Based on the analysis of existing key activities concerning the standardization of OSI, NGN and IoT from a functional architecture perspective, it suggests that the IoT standardization work be progressed in an evolutionary way in order to enable the integration of existing technologies, and focus on the interactions among the functional entities of the IoT to impose minimum constraints on future technical innovations.
Keywords: Internet of Things; social aspects of automation; International Telecommunication Union; Internet of Things; IoT; evolutionary way; next generation network; open system interconnection; Computer architecture; Next generation networking; Open systems; Privacy; Security; Telecommunication standards; Internet of Things; Next Generation Network; Open System Interconnection; architecture reference model; functional entity; interaction; standardization (ID#: 15-5255)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6858472&isnumber=6858455

 

Alqahtani, S.M.; Al Balushi, M.; John, R., "An Intelligent Intrusion Prevention System for Cloud Computing (SIPSCC)," Computational Science and Computational Intelligence (CSCI), 2014 International Conference on, vol.2, pp.152,158, 10-13 March 2014. doi: 10.1109/CSCI.2014.161
Abstract: Cloud computing is a fast growing IT model for the exchange and delivery of different services through the Internet. However there is a plethora of security concerns in cloud computing which still need to be tackled (e.g. confidentiality, auditability and Privileged User Access). To detect and prevent such issues, the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are effective mechanism against attacks such as SQL Injection. This study proposes a new service of IPS that prevents SQL injections when it comes over cloud computing website(CCW) using signature-based devices approach. A model has been implemented on three virtual machines. Through this implementation, a service-based intrusion prevention system in cloud computing (SIPSCC) is proposed, investigated and evaluated from three perspectives the vulnerability detection, average time, and false positives.
Keywords: SQL; Web sites; cloud computing; digital signatures; security of data; virtual machines; CCW; IDS; IPS; Internet; SIPSCC; SQL injections; cloud computing Web site; intelligent intrusion prevention system; intrusion detection system; service-based intrusion prevention system in cloud computing; signature-based device approach; virtual machines; vulnerability detection; Cloud computing; Databases; Educational institutions; Intrusion detection; Servers; SIPSCC; CCW; IDS; IPS; Open Source Hostbased Intrusion Detection System (OSSEC) (ID#: 15-5256)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6822321&isnumber=6822285

 

Qingshui Xue; Fengying Li; Zhenfu Cao, "Proxy Multi-Signature Binding Positioning Protocol," Communications in China (ICCC), 2014 IEEE/CIC International Conference on,  pp. 166, 170, 13-15 Oct. 2014. doi: 10.1109/ICCChina.2014.7008265
Abstract: Position-based cryptography has attracted lots of researchers' attention. In the mobile Internet, there are many position-based security applications. For the first time, one new conception-proxy multi-signature binding positioning protocols, is proposed. Based on one secure positioning protocol, one model of the proxy multi-signature binding positioning protocols is proposed. In the model, positioning protocols are bound to proxy multi-signature tightly, not loosely. Further, we propose one scheme of proxy multi-signature binding positioning protocols. As far as we know, it is the first scheme of proxy multi-signature binding positioning protocols.
Keywords: cryptographic protocols; mobile Internet; position-based cryptography; position-based security application; proxy multisignature binding positioning protocol; Cryptography; Internet; Mobile communication; Open systems; Privacy; Protocols; Positioning protocol; UC security; model; proxy multi-signature; proxy signature; scheme (ID#: 15-5257)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7008265&isnumber=7008220

 

Trenwith, P.M.; Venter, H.S., "A Digital Forensic Model For Providing Better Data Provenance In The Cloud," Information Security for South Africa (ISSA), 2014, pp. 1, 6, 13-14 Aug. 2014. doi: 10.1109/ISSA.2014.6950489
Abstract: The cloud has made digital forensic investigations exceedingly difficult due to the fact that data may be spread over an ever-changing set of hosts and data centres. The normal search and seizure approach that digital forensic investigators tend to follow does not scale well in the cloud because it is difficult to identify the physical devices that data resides on. In addition, the location of these devices is often unknown or unreachable. A solution to identifying the physical device can be found in data provenance. Similar to the tags included in an email header, indicating where the email originated, a tag added to data, as it is passed on by nodes in the cloud, identifies where the data came from. If such a trace can be provided for data in the cloud it may ease the investigating process by indicating where the data can be found. In this research the authors propose a model that aims to identify the physical location of data, both where it originated and where it has been as it passes through the cloud. This is done through the use of data provenance. The data provenance records will provide digital investigators with a clear record of where the data has been and where it can be found in the cloud.
Keywords: cloud computing; digital forensics; cloud computing; data provenance; digital forensic model; email header; search and seizure approach; Cloud computing; Computational modeling; Computers; Digital forensics; Open systems; Protocols; Servers; Cloud Computing; Digital Forensic Investigation; Digital Forensics; annotations; bilinear pairing technique; chain of custody; data provenance (ID#: 15-5258)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6950489&isnumber=6950479

 

Sitnikova, E.; Asgarkhani, M., "A Strategic Framework For Managing Internet Security," Fuzzy Systems and Knowledge Discovery (FSKD),  2014 11th International Conference on, pp.  947, 955, 19-21 Aug. 2014. doi: 10.1109/FSKD.2014.6980967
Abstract: The internet which was originally developed as an open distributed system has since evolved to become a key platform for connectivity of businesses and communities. Today, the internet is used for transferring critical information amongst sophisticated systems. These systems extend beyond one business organization to community of customers and suppliers. Consequently, today, vulnerabilities and risks to the Internet are equally relevant to systems that are integrated within corporate networks. Cloud Computing solutions, Supervisory Control and Data Acquisition (SCADA) systems and the Bring Your Own Device (BYOD) approach adopted by some organizations are examples of complexity of managing Internet security today. These systems are not only vulnerable to own system specific issues but also threatened by other Internet-related vulnerabilities. Whilst numerous previous studies have identified the need for managing Internet security, there remains a need for taking a strategic approach in security management of the Internet and sensitive Industrial Control Systems (ICS) integrated systems. This paper examines research on Internet security using a risk management approach. It presents an overview of key issues and recommends a management framework for secure Internet access.
Keywords: Bring Your Own Device; SCADA systems; business data processing; cloud computing; industrial control; open systems; risk management; security of data; BYOD approach; ICS integrated systems; Internet security management; SCADA systems; bring your own device approach; business organization; cloud computing solutions; industrial control system integrated systems; open distributed system; risk management approach; supervisory control and data acquisition systems; Cloud computing; Computer crime; Computer hacking; Organizations; SCADA systems; Cloud Computing; Cyber Security; Internet Security; Risk Management; SCADA Systems; Strategic Security Management (ID#: 15-5259)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6980967&isnumber=6980796

 

Bakshi, K., "Secure Hybrid Cloud Computing: Approaches And Use Cases," Aerospace Conference, 2014 IEEE, pp. 1, 8, 1-8 March 2014. doi: 10.1109/AERO.2014.6836198
Abstract: Hybrid cloud is defined as a cloud infrastructure composed of two or more cloud infrastructures (private, public, and community clouds) that remain unique entities, but are bound together via technologies and approaches for the purposes of application and data portability. This paper will review a novel approach for implementing a secure hybrid cloud. Specifically, public and private cloud entities will be discussed for a hybrid cloud approach. The approach is based on extension of virtual Open Systems Interconnection (OSI) Layer 2 switching functions from a private cloud and to public clouds, tunneled on an OSI Layer 3 connection. As a result of this hybrid cloud approach, virtual workloads can be migrated from the private cloud to the public cloud and continue to be part of the same Layer 2 domain as in the private cloud, thereby maintaining consistent operational paradigms in both the public and private cloud. This paper will introduce and discuss the virtual switching technologies which are fundamental underpinnings of the secure hybrid approach. This paper will not only discuss the virtual Layer 2 technical architecture of this approach, but also related security components. Specifically, data in motion security between the public and private clouds and interworkload secure communication in the public cloud will be reviewed. As part of the hybrid cloud approach, security aspects like encrypted communication tunnels, key management, and security management will be discussed. Moreover, management consoles, control points, and integration with cloud orchestration systems will also be discussed. Additionally, hybrid cloud consideration for network services like network firewall, server load balancers, application accelerators, and network routing functions will be examined. Finally, several practical use cases which can be applicable in the aerospace industry, like workload bursting, application development environments, and Disaster Recovery as a Service will be explored.
Keywords: cloud computing; open systems; security of data; OSI; aerospace industry; application accelerators; cloud infrastructure; cloud orchestration systems; community clouds; data portability; disaster recovery; encrypted communication tunnels; key management; motion security; network firewall; network routing functions; open systems interconnection; private clouds; public clouds; secure hybrid cloud computing; security aspects; security components; security management; server load balancers; switching functions; virtual switching technologies; Cloud computing; Computer architecture; Switches; Virtual machine monitors; Virtual machining (ID#: 15-5260)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6836198&isnumber=6836156

 

Xiao Chun Yin; Zeng Guang Liu; Hoon Jae Lee, "An Efficient And Secured Data Storage Scheme In Cloud Computing Using ECC-Based PKI," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp. 523, 527, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6779015
Abstract: Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centres located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. The rapid growth in field of "cloud computing" also increases severe security concerns. Security has remained a constant issue for Open Systems and internet, when we are talking about security, cloud really suffers. Lack of security is the only hurdle in wide adoption of cloud computing. Cloud computing is surrounded by many security issues like securing data and examining the utilization of cloud by the cloud computing vendors. This paper proposes a scheme to securely store and access of data via internet. We have used ECC based PKI for certificate procedure because the use of ECC significantly reduces the computation cost, message size and transmission overhead over RSA based PKI as 160-bit key size in ECC provides comparable security with 1024-bit key in RSA. We have designed Secured Cloud Storage Framework (SCSF). In this framework, users not only can securely store and access data in cloud but also can share data with multiple users through the unsecure internet in a secured way. This scheme can ensure the security and privacy of the data in the cloud.
Keywords: cloud computing; computer centres; data privacy; open systems; public key cryptography; security of data; storage management; ECC-based PKI; RSA based PKI; SCSF; certificate procedure; cloud computing; cloud services; computation cost; data centres; data privacy; data security; message size; open systems; secured cloud storage framework; secured data storage scheme; security concern; transmission overhead; unsecure Internet; virtual resources; Cloud computing; Educational institutions; Elliptic curve cryptography; Elliptic curves; Certificate; Cloud computing; Cloud storage; ECC; PKI (ID#: 15-5261)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779015&isnumber=6778899

 

Paudel, S.; Tauber, M.; Wagner, C.; Hudic, A.; Wee-Kong Ng, "Categorization of Standards, Guidelines and Tools for Secure System Design for Critical Infrastructure IT in the Cloud," Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on, pp. 956, 963, 15-18 Dec. 2014. doi: 10.1109/CloudCom.2014.172
Abstract: With the increasing popularity of cloud computing, security in cloud-based applications is gaining awareness and is regarded as one of the most crucial factors for the long term success of such applications. Despite all benefits of cloud computing, its fate lies in its success in gaining trust from its users achieved by ensuring cloud services being built in a safe and secure manner. This work evaluates existing security standards and tools for creating Critical Infrastructure (CI) services in cloud environments -- often implemented as cyber physical systems (CPS). We also identify security issues from a literature review and from a show case analysis. Furthermore, we analyse and evaluate how mitigation options for identified open security issues for CI in the cloud point to individual aspects of standards and guidelines to support the creation of secure CPS/CI in the cloud. Additionally, we presented the results in a multidimensional taxonomy based on the mapping of the issues and the standards and tools. We show which areas require the attention as they are currently not covered completely by existing standards, guidelines and tools.
Keywords: cloud computing; critical infrastructures; open systems; security of data; standards; trusted computing; CPS; cloud computing; cloud environments; cloud services; cloud-based applications; critical infrastructure IT; critical infrastructure services; cyberphysical systems; guideline categorization; multidimensional taxonomy; open security issues; secure system design; standard categorization; Cloud computing; Context; Guidelines; Security; Standards; Taxonomy; CPS; critical infrastructure; secure software development; security-engineering (ID#: 15-5262)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7037790&isnumber=7036227

 

Diogo, P.; Reis, L.P.; Vasco Lopes, N., "Internet Of Things: A System's Architecture Proposal," Information Systems and Technologies (CISTI), 2014 9th Iberian Conference on, pp. 1, 6, 18-21 June 2014.  doi: 10.1109/CISTI.2014.6877072
Abstract: Internet of Things (IoT) is seen as the future of Internet. We will step out from typical current communication paradigm, to a much wider spectrum, where normal “things” will talk to each other, independent of human interaction. Emphasizing its importance in health industry, it can save lives and improve the ageing and disabled population's quality of living. It is not just things connected to the Internet - it is intelligent systems that we will be able to build on top of IoT that will introduce us to a better quality of life. However, IoT is facing a major problem: fragmentation and interoperability problems. If we want things to communicate with each other, intelligently and autonomously, then the new future Internet must be structured to allow such thing. The industry must adopt current standards and provide interoperability among other systems and developers must be aware of this issue too. Every new device should be IoT proof for future integration in IoT. In this article, there is a focus on these health-related use cases where they are detailed and explained how IoT could be deployed to aid in specific cases. The second part of the article takes the current IoT problem and tackles its issues, presenting a communication paradigm and proposes a new IoT system's architecture.
Keywords: Internet of Things; health care; medical information systems; open systems; Internet of Things; IoT system architecture; ageing population quality of living improvement; communication paradigm; disabled population quality of living improvement; fragmentation problem; health industry; intelligent systems; interoperability problem; quality of life; Internet of Things; Logic gates; Security; Telecommunication standards; Web services; Internet of Things; M2M; architecture; communication; e-health; fragmentation; interoperability (ID#: 15-5263)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6877072&isnumber=6876860

 

Saravanakumar, C.; Arun, C., "Survey On Interoperability, Security, Trust, Privacy Standardization Of Cloud Computing," Contemporary Computing and Informatics (IC3I), 2014 International Conference on, pp. 977, 982, 27-29 Nov. 2014. doi: 10.1109/IC3I.2014.7019735
Abstract: Cloud computing is a service oriented concept which offers everything as a service. These services are deployed at the server with necessary credentials in order to provide reliable services to the customer. The customer always wants to process and store the data in the cloud with an efficient access over different location. The security is the key parameter to secure the customer's data. The cloud computing security issues are addressed in various standards and techniques which lacks in providing a complete solution. The privacy issues in the cloud access are handled and assessed by using privacy protocols and assessment techniques which are also addressed. The trust issues in cloud computing has been addressed with different models. An inter-cloud and intra-cloud standard of cloud interoperability has been identified in order to highlight the challenges exist during the cloud interaction. The cloud resources are deployed over cloud environment with different models also faces a problem. This paper focuses on a recent survey related to the cloud interoperability, security, privacy and trust based on standards and guidelines have been analyzed. The overall focus on this paper is to establish an interoperability among different cloud service providers for effective interaction by maximizing the QoS of cloud computing.
Keywords: cloud computing; data privacy; open systems; security of data; trusted computing; QoS; assessment techniques; cloud access; cloud computing security issues; cloud environment; cloud interaction; cloud interoperability; cloud privacy; intercloud standard; intracloud standard; privacy issues; privacy protocols; service oriented concept; Cloud computing; Computational modeling; Interoperability; Privacy; Security; Standards; Cloud Interoperability; Privacy; Security; Standardization; Trust Management (ID#: 15-5264)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7019735&isnumber=7019573

 

Aouadi, M.H.E.; Toumi, K.; Cavalli, A., "On Modeling and Testing Security Properties of Vehicular Networks," Software Testing, Verification and Validation Workshops (ICSTW), 2014 IEEE Seventh International Conference on, pp. 42, 50, March 31 2014-April 4 2014. doi: 10.1109/ICSTW.2014.56
Abstract: In this paper a new model to formally represent some units of a vehicular network system is presented. We show how this formalism, based on finite state machines augmented with variables, allows us to represent such kind of system. We focus in a scenario of vehicle to infrastructure (V2I) communication with the Dynamic Route Planning (DRP) service as a case study. We enrich this model by a new negotiation scenario. Next, we present the notion of a test in our framework, and discuss some testing scenarios which compile some security and interoperability properties. To support the theoretical framework we translate the system specification on an IF code which we will use to generate test cases using the TestGen-IF tool. These test cases allow us to perform experiments to verify the security and interoperability properties.
Keywords: finite state machines; intelligent transportation systems; open systems; security of data; DRP service; IF code; TestGen-IF tool; V2I communication; dynamic route planning; finite state machines; interoperability properties; negotiation scenario; security property testing; vehicle to infrastructure; vehicular network system; Interoperability; Navigation; Roads; Security; Software; Testing; Vehicles (ID#: 15-5265)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6825637&isnumber=6825623

 

Genge, B.; Beres, A.; Haller, P., "A Survey On Cloud-Based Software Platforms To Implement Secure Smart Grids," Power Engineering Conference (UPEC), 2014 49th International Universities, pp. 1, 6, 2-5 Sept. 2014. doi: 10.1109/UPEC.2014.6934607
Abstract: Smart Grid has been characterized as the next generation power grid in which modern Information and Communication Technologies (ICT) will improve control, reliability and safety. Although the adoption of generic off-the-shelf ICT in Smart Grid provisions indisputable advantages and benefits, it raises several issues concerning the reliability and security of communications - the core infrastructure of Smart Grid. Cloud computing has developed and evolved over the past years becoming a real choice for Smart Grids infrastructure because of the availability, scalability, performance and interoperability that it offers. In this paper we present a survey of the existing cloud-based software platforms for implementing secure Smart Grids. Security issues like authentication and authorization of users, data encryption, availability, attacker impact, detection and trust management have received significant attention in previous work. Nevertheless, as shown in this paper, their integration and adaptation to emerging fields such as Smart Grid is still in an embryonic state. As such, we report recent advancements and software platforms specifically for Smart Grid and we outline several issues as well as suggestions for designing security-aware platforms for Smart Grid.
Keywords: cloud computing; open systems; power engineering computing; power system security; smart power grids; Information and Communication Technologies; cloud based software platform; cloud computing; generic off-the-shelf ICT; interoperability; next generation power grid safety control; secure smart grid infrastructure reliability; Availability; Cloud computing; Educational institutions; Encryption; Smart grids; Smart Grid; cloud computing; privacy; security (ID#: 15-5266)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6934607&isnumber=6934581

 

Brahma, S.; Kwiat, K.; Varshney, P.K.; Kamhoua, C., "Diversity and System Security: A Game Theoretic Perspective," Military Communications Conference (MILCOM), 2014 IEEE, pp. 146, 151, 6-8 Oct. 2014. doi: 10.1109/MILCOM.2014.30
Abstract: It has been argued that systems that are comprised of similar components (i.e., a monoculture) are more prone to attacks than a system that exhibits diversity. But it is not currently clear how much diversity is needed and how to leverage the underlying diversity in the design space. Here we attempt to study these issues using a Game Theoretic model comprised of multiple systems and an attacker. The model illustrates how the concept of the Nash Equilibrium provides a theoretical framework for designing strategic security solutions and how the mixed strategy solution space provides a conceptual basis for defining optimal randomization techniques that can exploit the underlying diversity. The paper also studies how strategic behavior influences the diversity and vulnerability of an overall system. Simulation results provide further insights into the effectiveness of our solution approach and the dynamics of strategic interaction in the context of system security.
Keywords: game theory; open systems; telecommunication security; Nash equilibrium; diversity; game theory; mixed strategy solution space; optimal randomization; system security; Circuit faults; Fault tolerant systems; Games; Redundancy; Security; Switches (ID#: 15-5267)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6956751&isnumber=6956719

 

Shafagh, H.; Hithnawi, A., "Poster Abstract: Security Comes First, a Public-key Cryptography Framework for the Internet of Things," Distributed Computing in Sensor Systems (DCOSS), 2014 IEEE International Conference on, pp. 135, 136, 26-28 May 2014. doi: 10.1109/DCOSS.2014.62
Abstract: Novel Internet services are emerging around an increasing number of sensors and actuators in our surroundings, commonly referred to as smart devices. Smart devices, which form the backbone of the Internet of Things (IoT), enable alternative forms of user experience by means of automation, convenience, and efficiency. At the same time new security and safety issues arise, given the Internet-connectivity and the interaction possibility of smart devices with human's proximate living space. Hence, security is a fundamental requirement of the IoT design. In order to remain interoperable with the existing infrastructure, we postulate a security framework compatible to standard IP-based security solutions, yet optimized to meet the constraints of the IoT ecosystem. In this ongoing work, we first identify necessary components of an interoperable secure End-to-End communication while incorporating Public-key Cryptography (PKC). To this end, we tackle involved computational and communication overheads. The required components on the hardware side are the affordable hardware acceleration engines for cryptographic operations and on the software side header compression and long-lasting secure sessions. In future work, we focus on integration of these components into a framework and the evaluation of an early prototype of this framework.
Keywords: IP networks; Internet; Internet of Things; open systems; public key cryptography; IP-based security solutions; Internet of Things; Internet services; Internet-connectivity; IoT; end-to-end communication; interoperability; public-key cryptography; safety issues; security issues; smart devices; Acceleration; Cryptography; Engines; Hardware; Internet of Things; Protocols (ID#: 15-5268)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6846155&isnumber=6846129

 

Neisse, R.; Fovino, I.N.; Baldini, G.; Stavroulaki, V.; Vlacheas, P.; Giaffreda, R., "A Model-Based Security Toolkit for the Internet of Things," Availability, Reliability and Security (ARES), 2014 Ninth International Conference on, pp. 78, 87, 8-12 Sept. 2014. doi: 10.1109/ARES.2014.17
Abstract: The control and protection of user data is a very important aspect in the design and deployment of the Internet of Things (IoT). The heterogeneity of the IoT technologies, the number of the participating devices and systems, and the different types of users and roles create important challenges in the IoT context. In particular, requirements of scalability, interoperability and privacy are difficult to address even with the considerable amount of existing work both in the research and standardization community. In this paper we propose a Model-based Security Toolkit, which is integrated in a management framework for IoT devices, and supports specification and efficient evaluation of security policies to enable the protection of user data. Our framework is applied to a Smart City scenario in order to demonstrate its feasibility and performance.
Keywords: Internet of Things; data privacy; formal specification; open systems; security of data; Internet of Things; IoT devices; Smart City scenario; interoperability requirement; model-based security toolkit; privacy requirement; scalability requirement; security policy evaluation; security policy specification; user data control; user data protection; Context; Context modeling; Data models; Data privacy; Graphical user interfaces; Security; Standardization; Internet of Things; Management; Security (ID#: 15-5269)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6980266&isnumber=6980232

 

Rajagopal, N.; Prasad, K.V.; Shah, M.; Rukstales, C., "A New Data Classification Methodology To Enhance Utility Data Security," Innovative Smart Grid Technologies Conference (ISGT), 2014 IEEE PES, pp. 1, 5, 19-22 Feb. 2014. doi: 10.1109/ISGT.2014.6816451
Abstract: Classification of data is an important step to strengthen the control of data, define how it is distributed, and who has access to the data. There are established practices among other industries like finance and banking. This paper describes a security framework for classification of data in electric utilities. Presently, data classification is viewed more from Information Security (IS) perspective with limited involvement of business functions. Present approach in utilities does not cover much of the data from Operational Technology (OT) systems. Implementation of Smart Grid increases the complexity of Data Classification with possibilities for dynamic data aggregation through enterprise level system integration. NIST Special Publication 800-60 provides guidelines to arrive at security classification based on broadly classified limited types of utility data. The new approach presented overcomes this limitation by mapping data types to appropriate interface categories based on the guidelines from Smart Grid Interoperability Panel (SGIP) - NISTIR 7628. Case study of a Data Classification exercise carried out for a North American Utility is presented. Some learnings and recommendations for enhancement of the approach are also discussed. A registry tool developed for Data Classification using the new approach is explained.
Keywords: data handling; electricity supply industry; open systems; pattern classification; power engineering computing; power system protection; power system security; security of data; smart power grids; NIST Special Publication 800-60; North American utility; SGIP; Smart Grid Interoperability Panel-NISTIR 7628; business functions; data classification complexity; data classification methodology; data control; data type mapping; dynamic data aggregation; electric utilities; enterprise level system integration; information security perspective; interface categories; security classification; security framework; smart grid; utility data security enhancement; NIST; Security; Smart grids; Critical Infrastructure Protection; Data Classification; Security; Security framework; Smart Grid (ID#: 15-5270)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6816451&isnumber=6816367

 

Bovet, G.; Hennebert, J., "Distributed Semantic Discovery for Web-of-Things Enabled Smart Buildings," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp. 1, 5,  March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814015
Abstract: Nowadays, our surrounding environment is more and more scattered with various types of sensors. Due to their intrinsic properties and representation formats, they form small islands isolated from each other. In order to increase interoperability and release their full capabilities, we propose to represent devices descriptions including data and service invocation with a common model allowing to compose mashups of heterogeneous sensors. Pushing this paradigm further, we also propose to augment service descriptions with a discovery protocol easing automatic assimilation of knowledge. In this work, we describe the architecture supporting what can be called a Semantic Sensor Web-of-Things. As proof of concept, we apply our proposal to the domain of smart buildings, composing a novel ontology covering heterogeneous sensing, actuation and service invocation. Our architecture also emphasizes on the energetic aspect and is optimized for constrained environments.
Keywords: Internet of Things; Web services; home automation; ontologies (artificial intelligence); open systems; software architecture; wireless sensor networks; actuator; data invocation; distributed semantic discovery protocols; interoperability; intrinsic properties; knowledge automatic assimilation; ontology covering heterogeneous sensor; semantic sensor Web of Things; service invocation; smart building; Ontologies; Resource description framework; Semantics; Sensors; Smart buildings; Web services (ID#: 15-5271)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814015&isnumber=6813963

 

Amoah, R.; Suriadi, S.; Camtepe, S.; Foo, E., "Security Analysis Of The Non-Aggressive Challenge Response Of The DNP3 Protocol Using A CPN Model," Communications (ICC), 2014 IEEE International Conference on, pp. 827, 833, 10-14 June 2014. doi: 10.1109/ICC.2014.6883422
Abstract: Distributed Network Protocol Version 3 (DNP3) is the de-facto communication protocol for power grids. Standard-based interoperability among devices has made the protocol useful to other infrastructures such as water, sewage, oil and gas. DNP3 is designed to facilitate interaction between master stations and outstations. In this paper, we apply a formal modelling methodology called Coloured Petri Nets (CPN) to create an executable model representation of DNP3 protocol. The model facilitates the analysis of the protocol to ensure that the protocol will behave as expected. Also, we illustrate how to verify and validate the behaviour of the protocol, using the CPN model and the corresponding state space tool to determine if there are insecure states. With this approach, we were able to identify a Denial of Service (DoS) attack against the DNP3 protocol.
Keywords: Petri nets; SCADA systems; computer network security; graph colouring; open systems; power grids; protocols; CPN model; DNP3 protocol; coloured Petri nets; de-facto communication protocol; denial of service attack; distributed network protocol version 3; executable model representation; formal modelling methodology; insecure states; master stations; nonaggressive challenge response; outstations; power grids; security analysis; standard-based interoperability; state space tool; Analytical models; Authentication; Data models; Image color analysis; Protocols; Standards; Coloured Petri Nets (CPN); Distributed Network Protocol Version 3 (DNP3); NonAggressive Challenge Response (NACR); Supervisory Control and Data Acquisition Systems (SCADA) (ID#: 15-5272)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883422&isnumber=6883277

 

Hitefield, S.; Nguyen, V.; Carlson, C.; O'Shea, T.; Clancy, T., "Demonstrated LLC-Layer Attack And Defense Strategies For Wireless Communication Systems," Communications and Network Security (CNS), 2014 IEEE Conference on, pp. 60, 66, 29-31 Oct. 2014. doi: 10.1109/CNS.2014.6997466
Abstract: In this work we demonstrate an over-the-air capability to exploit software weaknesses in the signal processing code implementing the physical and link layers of the OSI stack. Our test bed includes multiple nodes leveraging both GNU Radio and the Universal Software Radio Peripheral to demonstrate these attacks and corresponding defensive strategies. More specifically, we examine two duplex modem implementations, continuous wave and OFDM, and a link layer framing protocol vulnerable to buffer overflow attacks. We also discuss possible attacks against the network layer and above by exploiting a waveform utilizing the GNU Radio tunnel/tap block, which allows the waveform to directly interact with the Linux kernel's network stack. Lastly, we consider several different defensive countermeasures, both active and passive, for detecting vulnerabilities in the waveform implementation and also detecting malicious activity in the system. These mitigation strategies should be used to protect communications systems from succumbing to similar classes of attacks.
Keywords: Linux; OFDM modulation; modems; open systems; operating system kernels; protocols; radio networks; signal processing; software radio; telecommunication security; GNU radio tunnel; LLC-layer attack; Linux kernel network stack; OFDM; OSI stack; buffer overflow attack; communication system protection; continuous wave; duplex modem implementation; link layer framing protocol; malicious activity detection; physical layer; signal processing code implementation; universal software radio peripheral; wireless communication system; OFDM; Payloads; Protocols; Receivers; Security; Software; Wireless communication (ID#: 15-5273)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6997466&isnumber=6997445

 

Ficco, M.; Tasquier, L.; Aversa, R., "Agent-Based Intrusion Detection for Federated Clouds," Intelligent Networking and Collaborative Systems (INCoS), 2014 International Conference on, pp. 586, 591, 10-12 Sept. 2014. doi: 10.1109/INCoS.2014.93
Abstract: In the last years, the cloud services market has experienced an extremely rapid growth, as reported in several market research reports, which may lead to severe scalability problems. Therefore, federating multiple clouds is enjoying a lot of attention from the academic and commercial point of views. In this context, publish-subscribe is a widely used paradigm to support the interoperability of federated clouds. In this paper, we describe some potential vulnerabilities of a publish-subscribe based federated cloud system. In particular, we propose an agent-based system that aims at monitoring security vulnerabilities that affect such kind of inter-cloud cooperation solutions.
Keywords: cloud computing; message passing; middleware; open systems; security of data; agent-based intrusion detection; federated cloud interoperability; Intercloud cooperation solutions; publish-subscribe based federated cloud system; security vulnerabilities; Force; Measurement; Middleware; Monitoring; Probes; Security; Subscriptions; Cloud federation; agent-based approach; denial of service; intrusion detection; publish-subscribe (ID#: 15-5274)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7057154&isnumber=7057036

 

Draper-Gil, G.; Ferrer-Gomila, J.L.; Hinarejos, M.F.; Tauber, A., "An Optimistic Certified E-Mail Protocol For The Current Internet E-Mail Architecture," Communications and Network Security (CNS), 2014 IEEE Conference on, pp. 382, 390, 29-31 Oct. 2014. doi: 10.1109/CNS.2014.6997507
Abstract: Certified mail is a service where an item is delivered to the recipient in exchange of an evidence as proof he has received this item. Therefore certified e-mail should be a service where an e-mail is delivered to its recipient in exchange of evidence proving the recipient has received this e-mail. Even though there are several scientific proposals for certified e-mail (ce-mail), the only real applications we can find offering ce-mail services come from private companies or the public administration. All of them are designed with independence of traditional e-mail infrastructures, tailored to custom needs (private companies and administration) and do not address interoperability between different systems. This explains why scientific proposals have not reached the implementation phase and why existent proposals are not widespread. In this paper we present a ce-mail solution designed taking into account the existent Internet e-mail infrastructure, providing all the required evidence about the submission and the receipt of certified e-mails.
Keywords: Internet; electronic mail; open systems; protocols; public administration; Internet e-mail architecture; ce-mail; certified mail service; e-mail infrastructures; interoperability; optimistic certified e-mail protocol; private companies; public administration; Conferences; Electronic mail; Internet; Postal services; Proposals; Protocols; Security; certified delivery; certified e-mail; e-mail security; fair-exchange (ID#: 15-5275)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6997507&isnumber=6997445


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.