Risk Estimation 2015
SoS Newsletter- Advanced Book Block
Risk Estimation 2015 |
Risk estimation is relevant to the Science of Security hard problems of predictive metrics, human behavior, and resilience. The work cited here was presented in 2015.
Vukovic, M.; Skocir, P.; Katusic, D.; Jevtic, D.; Trutin, D.; Delonga, L., "Estimating Real World Privacy Risk Scenarios," in Telecommunications (ConTEL), 2015 13th International Conference on, vol., no., pp.1-7, 13-15 July 2015. doi: 10.1109/ConTEL.2015.7231214
Abstract: User privacy is becoming an issue on the Internet due to common data breaches and various security threats. Services tend to require private user data in order to provide more personalized content and users are typically unaware of potential risks to their privacy. This paper continues our work on the proposed user privacy risk calculator based on a feedforward neural network. Along with risk estimation, we provide the users with real world example scenarios that depict privacy threats according to selected input parameters. In this paper, we present a model for selecting the most probable real world scenario, presented as a comic, and thus avoid overwhelming the user with lots of information that he/she may find confusing. Most probable scenario estimations are performed by artificial neural network that is trained with real world scenarios and estimated probabilities from real world occurrences. Additionally, we group real world scenarios into categories that are presented to the user as further reading regarding privacy risks.
Keywords: data privacy; feedforward neural nets; learning (artificial intelligence); probability; artificial neural network training; data breach; feed-forward neural network; input parameter selection; personalized content; privacy risks; privacy threats; private user data; probabilities; real-world privacy risk scenario estimation; risk estimation; security threats; user privacy; user privacy risk calculator; Calculators; Electronic mail; Estimation; Internet; Law; Privacy (ID#: 16-9302)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7231214&isnumber=7231179
Kasmi, C.; Lallechere, S.; Girard, S.; Prouff, E.; Paladian, F.; Bonnet, P., "Optimization of Experimental Procedure In EMC using Re-Sampling Techniques," in Electromagnetic Compatibility (EMC), 2015 IEEE International Symposium on, pp.1238-1242, 16-22 Aug. 2015. doi: 10.1109/ISEMC.2015.7256347
Abstract: Recent studies have shown a high interest in statistical methods dedicated to the prediction of the maximum confidence in simulation and measurements for Electromagnetic Compatibility. In particular, it has been shown that one of the main issues remains the access to a number of samples allowing estimating the risks with regard to the test set-up random variables. In this paper it is argued that re-sampling techniques, also called bootstrapping procedures, enable to optimize the number of experiments while estimating the maximum confidence level of the accessible samples.
Keywords: electromagnetic compatibility; optimisation; statistical analysis; EMC; bootstrapping procedures; electromagnetic compatibility; experimental procedure optimization; re-sampling techniques; risk estimation; set-up random variables; statistical methods; Convergence; Electromagnetic compatibility; Estimation; Optimization; Silicon; Sociology; Standards; Electromagnetic Compatibility; Experiments optimization; Statistical methods (ID#: 16-9303)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7256347&isnumber=7256113
Aldini, A.; Seigneur, J.-M.; Lafuente, C.B.; Titi, X.; Guislain, J., "Formal Modeling and Verification of Opportunity-enabled Risk Management," in Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1, pp. 676-684, 20-22 Aug. 2015. doi: 10.1109/Trustcom.2015.434
Abstract: With the advent of the Bring-Your-Own-Device (BYOD) trend, mobile work is achieving a widespread diffusion that challenges the traditional view of security standard and risk management. A recently proposed model, called opportunity-enabled risk management (OPPRIM), aims at balancing the analysis of the major threats that arise in the BYOD setting with the analysis of the potential increased opportunities emerging in such an environment, by combining mechanisms of risk estimation with trust and threat metrics. Firstly, this paper provides a logic-based formalization of the policy and metric specification paradigm of OPPRIM. Secondly, we verify the OPPRIM model with respect to the socio-economic perspective. More precisely, this is validated formally by employing tool-supported quantitative model checking techniques.
Keywords: formal specification; formal verification; mobile computing; risk management; security of data; BYOD trend; OPPRIM model; bring-your-own-device; formal modeling; formal verification; logic-based formalization; metric specification paradigm; mobile work; opportunity-enabled risk management; risk management; security standard; socio-economic perspective; threat metric; tool-supported quantitative model checking techniques; trust metric; Access control; Companies; Measurement; Mobile communication; Real-time systems; Risk management; BYOD; model checking; opportunity analysis; risk management (ID#: 16-9304)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345342&isnumber=7345233
Abbinaya, S.; Kumar, M.S., "Software Effort and Risk Assessment using Decision Table Trained by Neural Networks," in Communications and Signal Processing (ICCSP), 2015 International Conference on, pp. 1389-1394, 2-4 April 2015. doi: 10.1109/ICCSP.2015.7322738
Abstract: Software effort estimations are based on prediction properties of system with attention to develop methodologies. Many organizations follow the risk management but the risk identification techniques will differ. In this paper, we focus on two effort estimation techniques such as use case point and function point are used to estimate the effort in the software development. The decision table is used to compare these two methods to analyze which method will produce the accurate result. The neural network is used to train the decision table with the use of back propagation training algorithm and compare these two effort estimation methods (use case point and function point) with the actual effort. By using the past project data, the estimation methods are compared. Similarly risk will be evaluated by using the summary of questionnaire received from the various software developers. Based on the report, we can also mitigate the risk in the future process.
Keywords: decision tables; learning (artificial intelligence); neural nets; risk management; software engineering; decision table; neural networks; risk assessment; risk identification techniques; software development; software effort; Algorithm design and analysis; Lead; Security; artificial neural network; back propagation; decision table; feed forward neural networks; function point; regression; risk evaluation; software effort estimation; use case point (ID#: 16-9305)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7322738&isnumber=7322423
Abd Latif, Z.; Mohamad, M.H., "Mapping of Dengue Outbreak Distribution Using Spatial Statistics and Geographical Information System," in Information Science and Security (ICISS), 2015 2nd International Conference on, pp. 1-6, 14-16 Dec. 2015. doi: 10.1109/ICISSEC.2015.7371016
Abstract: This study presents spatial analysis of Dengue Fever (DF) outbreak using Geographic Information System (GIS) in the state of Selangor, Malaysia. DF is an Aedes mosquito-borne disease. The aim of the study is to map the spread of DF outbreak in Selangor by producing a risk map while the objective is to identify high risk areas of DF by producing a risk map using GIS tools. The data used was DF dengue cases in 2012 obtained from Ministry of Health, Malaysia. The analysis was carried out using Moran's I, Average Nearest Neighbor (ANN), Kernel Density Estimation (KDE) and buffer analysis using GIS. From the Moran's I analysis, the distribution pattern of DF in Selangor clustered. From the ANN analysis, the result shows a dispersed pattern where the ratio is more than 1. The third analysis was based on KDE to locate the hot spot location. The result shows that some districts are classified as high risk areas which are Ampang, Damansara, Kapar, Kajang, Klang, Semenyih, Sungai Buloh and Petaling. The buffer analysis, area ranges between 200m. to 500m. above sea level shows a clustered pattern where the highest frequent cases in the year are at the same location. It was proven that the analysis based on the spatial statistic, spatial interpolation, and buffer analysis can be used as a method in controlling and locating the DF affection with the aid of GIS.
Keywords: data analysis; diseases; estimation theory; geographic information systems; pattern classification; risk analysis; ANN; Aedes mosquito-borne disease; GIS; KDE; average nearest neighbor; buffer analysis; dengue fever outbreak distribution; geographical information system; kernel density estimation; risk map; spatial statistics; Artificial neural networks; Diseases; Estimation; Geographic information systems; Kernel; Rivers; Urban areas (ID#: 16-9306)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371016&isnumber=7370954
Llanso, T.; Dwivedi, A.; Smeltzer, M., "An Approach for Estimating Cyber Attack Level of Effort," in Systems Conference (SysCon), 2015 9th Annual IEEE International, pp. 14-19, 13-16 April 2015
doi: 10.1109/SYSCON.2015.7116722
Abstract: Timely risk assessments allow organizations to gauge the degree to which cyber attacks threaten their mission/business objectives. Risk plots in such assessments typically include cyber attack likelihood values along with the impact. This paper describes an algorithm and an associated model that allow for estimation of one aspect of cyber attack likelihood, attack level of effort. The approach involves the use of an ordinal set of standardized attacker tiers, associated attacker capabilities, and protections (security controls) required to resist those capabilities.
Keywords: business data processing; organisational aspects; risk management; security of data; attacker capability; business objective; cyber attack likelihood value; mission objective; organizations; risk assessment; security control; standardized attacker tier; Context; NIST; Risk management; Security; Unified modeling language; Attack; Cyber; Level of Effort; Risk (ID#: 16-9307)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7116722&isnumber=7116715
Darimont, R.; Ponsard, C., "Supporting Quantitative Assessment of Requirements in Goal Orientation," in Requirements Engineering Conference (RE), 2015 IEEE 23rd International, pp. 290-291, 24-28 Aug. 2015. doi: 10.1109/RE.2015.7320443
Abstract: Goal-Orientation provides a rich framework for reasoning about systems during the Requirements Engineering (RE) phase. While critical properties like safety or security can require formal semantics, performing quantitative reasoning on semi-formal models in a much more lightweight approach reveals to be sufficient in many projects. Most of the time, existing RE tools only target specific quantification scenarios or do not provide easy mechanisms for implementing them. In order to demonstrate the ability to provide mechanisms that are both generic and powerful, we developed an extension of the Objectiver tool in three directions: (1) internal reasoning capabilities on AND-OR goal/obstacles structures, (2) close integration with an external spreadsheet application and (3) model export for building assessment tools using model-driven engineering techniques. We also demonstrate how our approach can cope with a variety of industrial scenarios requiring some form of quantification such as risk analysis, selection of design alternatives, effort estimation, and assessment of customer satisfaction.
keywords: formal specification; systems analysis; AND-OR goal-obstacles structures; RE phase; external spreadsheet application; formal semantics; goal orientation; model-driven engineering techniques; objectiver tool; requirements engineering; requirements quantitative assessment; semiformal models; Analytical models; Cognition; Estimation; Requirements engineering; Safety; Statistical analysis; Unified modeling language (ID#: 16-9308)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7320443&isnumber=7320393
Wenxia Liu; He Li; Huiting Xu; Jianhua Zhang; Dehua Zheng, "Transmission Expansion Planning Based on Hybrid EDA/DE Algorithm Considering Wind Power Penetration," in PowerTech, 2015 IEEE Eindhoven, pp. 1-6, June 29 2015-July 2 2015. doi: 10.1109/PTC.2015.7232538
Abstract: It poses high requirements for the calculation speed and the precision of the solving method when we consider the large-scale transmission expansion planning (TEP) problems. Therefore, combined with the respective characteristics of EDA (Distribution of Estimation Algorithm) and DE (Differential Evolution algorithm), this paper puts forward a new hybrid EDA/DE algorithm for large-scale TEP problems. Meanwhile, it improves the updating mechanism of probabilistic model of EDA based on the characteristics of the TEP problems. Considering the investments of grid company, the new energy incentive politics and network security constraints, this paper proposes a multi-objective static planning model for the TEP considering wind power penetration, which takes the comprehensive cost, the wind curtailment and the risk value into consideration. Finally, a specific example is applied in this paper to verify the applicability and effectiveness of the proposed model and algorithm.
Keywords: evolutionary computation; investment; power transmission economics; power transmission planning; wind power plants; differential evolution algorithm; distribution of estimation algorithm; energy incentive politics; grid company investments; hybrid EDA/DE algorithm; multiobjective static planning model; network security constraints; transmission expansion planning; wind power penetration; Analytical models; Computational modeling; Generators; Probabilistic logic; Differential Evolution; Estimation of Distribution Algorithm; Transmission Expansion Planning; Wind Power Penetration (ID#: 16-9309)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232538&isnumber=7232233
Chessa, M.; Grossklags, J.; Loiseau, P., "A Game-Theoretic Study on Non-monetary Incentives in Data Analytics Projects with Privacy Implications," in Computer Security Foundations Symposium (CSF), 2015 IEEE 28th, pp. 90-104, 13-17 July 2015. doi: 10.1109/CSF.2015.14
Abstract: The amount of personal information contributed by individuals to digital repositories such as social network sites has grown substantially. The existence of this data offers unprecedented opportunities for data analytics research in various domains of societal importance including medicine and public policy. The results of these analyses can be considered a public good which benefits data contributors as well as individuals who are not making their data available. At the same time, the release of personal information carries perceived and actual privacy risks to the contributors. Our research addresses this problem area. In our work, we study a game-theoretic model in which individuals take control over participation in data analytics projects in two ways: 1) individuals can contribute data at a self-chosen level of precision, and 2) individuals can decide whether they want to contribute at all (or not). From the analyst's perspective, we investigate to which degree the research analyst has flexibility to set requirements for data precision, so that individuals are still willing to contribute to the project, and the quality of the estimation improves. We study this tradeoffs scenario for populations of homogeneous and heterogeneous individuals, and determine Nash equilibrium that reflect the optimal level of participation and precision of contributions. We further prove that the analyst can substantially increase the accuracy of the analysis by imposing a lower bound on the precision of the data that users can reveal.
Keywords: data analysis; data privacy; game theory; incentive schemes; social networking (online); Nash equilibrium; data analytics; digital repositories; game theoretic study; nonmonetary incentives; personal information; privacy implications; social network sites; Data privacy; Estimation; Games; Noise; Privacy; Sociology; Statistics; Non-cooperative game; data analytics; non-monetary incentives; population estimate; privacy; public good (ID#: 16-9310)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7243727&isnumber=7243713
Orojloo, H.; Azgomi, M.A., "Evaluating the Complexity and Impacts of Attacks on Cyber-Physical Systems," in Real-Time and Embedded Systems and Technologies (RTEST), 2015 CSI Symposium on, pp. 1-8, 7-8 Oct. 2015. doi: 10.1109/RTEST.2015.7369840
Abstract: In this paper, a new method for quantitative evaluation of the security of cyber-physical systems (CPSs) is proposed. The proposed method models the different classes of adversarial attacks against CPSs, including cross-domain attacks, i.e., cyber-to-cyber and cyber-to-physical attacks. It also takes the secondary consequences of attacks on CPSs into consideration. The intrusion process of attackers has been modeled using attack graph and the consequence estimation process of the attack has been investigated using process model. The security attributes and the special parameters involved in the security analysis of CPSs, have been identified and considered. The quantitative evaluation has been done using the probability of attacks, time-to-shutdown of the system and security risks. The validation phase of the proposed model is performed as a case study by applying it to a boiling water power plant and estimating the suitable security measures.
Keywords: cyber-physical systems; estimation theory; graph theory; probability; security of data; CPS; attack graph; attack probability; consequence estimation process; cross-domain attack; cyber-physical system security; cyber-to-cyber attack; cyber-to-physical attack; security attributes; security risks; time-to-shutdown; Actuators; Computer crime; Cyber-physical systems; Process control; Sensor phenomena and characterization; Cyber-physical systems; attack consequences; modeling; quantitative security evaluation (ID#: 16-9311)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7369840&isnumber=7369836
Sahnoune, Z.; Aimeur, E.; El Haddad, G.; Sokoudjou, R., "Watch Your Mobile Payment: An Empirical Study of Privacy Disclosure," in Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1, pp. 934-941, 20-22 Aug. 2015. doi: 10.1109/Trustcom.2015.467
Abstract: Using a smartphone as payment device has become a highly attractive feature that is increasingly influencing user acceptance. Electronic wallets, near field communication, and mobile shopping applications, are all incentives that push users to adopt m-payment. Hence, this makes the sensitive data that already exists on everyone's smartphone easily collated to their financial transaction details. In fact, misusing m-payment can be a real privacy threat. The existing privacy issues regarding m-payment are already numerous, and can be caused by different factors. We investigate, through an empirical survey-based study, the different factors and their potential correlations and regression values. We identify three factors that influence directly privacy disclosure: the user's privacy concerns, his risk perception, and the protection measure appropriateness. These factors are impacted by indirect ones, which are linked to the users' and the technology's characteristics, and the behaviour of institutions and companies. In order to analyse the impact of each factor, we define a new research model for privacy disclosure based on several hypotheses. The study is mainly based on a five-item scale survey, and on the modelling of structural equations. In addition to the impact estimations for each factor, our study results indicate that the privacy disclosure in m-payment is primarily caused by the "protection measure appropriateness", which, in its turn, impacted by "the m-payment convenience". We discuss in this paper the research model, the methodology, the findings and their significance.
Keywords: Internet; data privacy; human factors; mobile commerce; near-field communication; regression analysis; risk analysis; smart phones; electronic wallets; financial transaction details; m-payment; mobile payments; mobile shopping applications; near field communication; payment device; privacy disclosure; privacy threat; regression values; risk perception; smartphone; structural equation modelling; technology characteristics; user acceptance; user privacy concerns; Context; Data privacy; Mobile communication; Mobile handsets; Privacy; Security; Software; m-payment; privacy concerns; privacy disclosure; privacy perception; privacy policies; structural equation modeling (ID#: 16-9312)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345375&isnumber=7345233
Chi-Ping Lin; Chuen-Fa Ni; I-Hsian Li; Chih-Heng Lu, "Stochastic Delineation of Well Capture Zones in Aquifers of Choushui River Alluvial Fan in Central Taiwan," in Security Technology (ICCST), 2015 International Carnahan Conference on, pp. 427-432, 21-24 Sept. 2015. doi: 10.1109/CCST.2015.7389722
Abstract: The delineation of well capture zones is of great importance to accurately define well head protection area (WHPA) for potential groundwater resources and the public security. Natural aquifer systems typically involve different extent of heterogeneity in aquifer parameters and such parameter variations can directly influence the estimations of flow fields and the delineations of WHPAs. This study employs an unconditional approximate spectral method (ASM) associated with backward particle tracking algorithm to delineate stochastic well capture zones in aquifers of Choushui River alluvial fan (CRAF) in central Taiwan. The analysis integrates hourly-recorded groundwater observations from 1995 to 2013 to be the mean flow field. We implement the developed model to 187 Taiwan Water Corporation (TWC) wells for domestic water supplies in CRAF. With predefined small-scale heterogeneity for hydraulic conductivity, the uncertainty of capture zones are obtained based on the observed pumping rates at TWC wells. Results of the analyses show that the average distances of mean capture zones in the first layer of CRAF are about one kilometer from the TWC wells. The small-scale hydraulic conductivity can induce capture zone uncertainties ranging from meters to tens of meters in one year depending on the complexity of the flow field. The uncertainty zones of WHPA in CRAF can be served as the basis to conduct risk analysis for drinking water.
Keywords: groundwater; rivers; water supply; AD 1995 to 2013; Choushui river alluvial fan; Taiwan water corporation; WHPA delineation; approximate spectral method; aquifer parameter; aquifer system; backward particle tracking algorithm; central Taiwan; domestic water supply; drinking water; groundwater observation; groundwater resource; hydraulic conductivity; well capture zone stochastic delineation; well head protection area; Bandwidth; Geology; Monitoring; Rivers; Stochastic processes ;Uncertainty; Water pollution; Choushui River alluvial fan; approximate spectral method; capture zone; heterogeneity (ID#: 16-9313)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7389722&isnumber=7389647
Junqing Zhang; Woods, R.; Marshall, A.; Duong, T.Q., "An Effective Key Generation System using Improved Channel Reciprocity," in Acoustics, Speech and Signal Processing (ICASSP), 2015 IEEE International Conference on, pp. 1727-1731, 19-24 April 2015. doi: 10.1109/ICASSP.2015.7178266
Abstract: In physical layer security systems there is a clear need to exploit the radio link characteristics to automatically generate an encryption key between two end points. The success of the key generation depends on the channel reciprocity, which is impacted by the non-simultaneous measurements and the white nature of the noise. In this paper, an OFDM subcarriers' channel responses based key generation system with enhanced channel reciprocity is proposed. By theoretically modelling the OFDM subcarriers' channel responses, the channel reciprocity is modelled and analyzed. A low pass filter is accordingly designed to improve the channel reciprocity by suppressing the noise. This feature is essential in low SNR environments in order to reduce the risk of the failure of the information reconciliation phase during key generation. The simulation results show that the low pass filter improves the channel reciprocity, decreases the key disagreement, and effectively increases the success of the key generation.
Keywords: OFDM modulation; cryptography; interference suppression; low-pass filters; radiofrequency interference; risk management; telecommunication network reliability; telecommunication security; wireless channels; OFDM subcarriers channel responses based key generation system; automatic encryption key generation; channel reciprocity improvement; failure risk reduction; information reconciliation phase; low pass filter; noise suppression; nonsimultaneous measurements; physical layer security systems; wireless channel; Analytical models; Channel estimation; Mathematical model; OFDM; Security; Signal to noise ratio; Physical layer security; channel reciprocity; key disagreement; key generation; low pass filter (ID#: 16-9314)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7178266&isnumber=7177909
Sen, A.; Madria, S., "A Risk Assessment Framework for Wireless Sensor Networks in a Sensor Cloud," in Mobile Data Management (MDM), 2015 16th IEEE International Conference on, vol. 2, pp. 38-41, 15-18 June 2015. doi: 10.1109/MDM.2015.52
Abstract: A Sensor cloud framework is composed of various heterogeneous wireless sensor networks (WSNs) integrated with the cloud platform. Integration with the cloud platform, in addition to the inherent resource and power constrained nature of the sensor nodes makes these WSNs belonging to a sensor cloud susceptible to security attacks. As such there is a need to formulate effective and efficient security measures for such an environment. But in doing so, requires an understanding of the likelihood and impact of different attacks feasible on the WSNs. In this paper, we propose a risk assessment framework for the WSNs belonging to a sensor cloud. The proposed risk assessment framework addresses the feasible set of attacks on a WSN identifying the relationships between them and thus estimating their likelihood and impact. This kind of assessment will give the security administrator a better perspective of their network and help formulating the required security measures.
Keywords: risk management; telecommunication security; wireless sensor networks; WSN; heterogeneous wireless sensor network; risk assessment framework; security attack; sensor cloud; Bayes methods; Clouds; Degradation; Estimation; Risk management; Security; Wireless sensor networks (ID#: 16-9315)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7264369&isnumber=7264347
Gorton, D., "Modeling Fraud Prevention of Online Services Using Incident Response Trees and Value at Risk," in Availability, Reliability and Security (ARES), 2015 10th International Conference on, pp. 149-158, 24-27 Aug. 2015. doi: 10.1109/ARES.2015.17
Abstract: Authorities like the Federal Financial Institutions Examination Council in the US and the European Central Bank in Europe have stepped up their expected minimum security requirements for financial institutions, including the requirements for risk analysis. In a previous article, we introduced a visual tool and a systematic way to estimate the probability of a successful incident response process, which we called an incident response tree (IRT). In this article, we present several scenarios using the IRT which could be used in a risk analysis of online financial services concerning fraud prevention. By minimizing the problem of underreporting, we are able to calculate the conditional probabilities of prevention, detection, and response in the incident response process of a financial institution. We also introduce a quantitative model for estimating expected loss from fraud, and conditional fraud value at risk, which enables a direct comparison of risk among online banking channels in a multi-channel environment.
Keywords: Internet; computer crime; estimation theory; financial data processing; fraud; probability; risk analysis; trees (mathematics); IRT; conditional fraud value; cyber criminal; fraud prevention modelling; incident response tree; online financial service; probability estimation; risk analysis; Europe; Online banking; Probability; Trojan horses (ID#: 16-9316)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299908&isnumber=7299862
Collins, K.; Goossens, B., "Cost Effective V&V for Guidance Systems using Enhanced Ground Testing (EGT)," in IEEE AUTOTESTCON, 2015, pp. 244-250, 2-5 Nov. 2015. doi: 10.1109/AUTEST.2015.7356497
Abstract: Strategic missile systems perform an important role in safe guarding our national security. These systems use inertial guidance systems to navigate and control the missile to its intended target. As military budgets shrink, maintaining schedule and cost for the development and sustainment of these complex systems is paramount. Early prototyping combined with ongoing requirements verification in the system development cycle is critical to reduce schedule and cost risks. Verification and Validation programs must verify requirements and instill confidence that the system will perform as intended with minimal flight testing. The Enhanced Ground Testing (EGT) program was developed at Draper Laboratory to address these risks. EGT tests the guidance system in tactically representative environments as a part of system verification and validation. Multiple test cells are used to simulate the missile environments the guidance system will encounter during flight. For Navy MK6 MOD 1 EGT, these test cells consist of an Aircraft F-15E Pod, Centrifuge, and Dynamic Shaker. The test cells support profiles for environmental thermal, vibration / shock, and linear acceleration and provide test data for reliability and accuracy assessments. An EGT program provides design confidence, enables predictive methods for accuracy and reliability degradation, and is a cost effective way to complement flight test programs.
Keywords: aircraft testing; military aircraft; missile guidance; national security; reliability; vibrations; Draper Laboratory; Navy MK6 MOD 1 EGT program; aircraft F-15E pod; cost effective V&V; cost risk reduction; dynamic shaker; enhanced ground testing; environmental thermal; flight test program; guidance system; inertial guidance system; linear acceleration; missile control; missile navigation; national security; reliability assessment; strategic missile system; verification and validation program; Cooling; Degradation; Life estimation; Missiles; Reliability; Testing; Timing; enhanced ground test; strategic guidance system; verification and validation (ID#: 16-9317)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7356497&isnumber=7356451
Carlini, E.M.; Pecoraro, G.; Tina, G.M.; Quaciari, C., "Risk-Based Probabilistic Approach to Estimate Power System Security in the Sicilian Context," in Clean Electrical Power (ICCEP), 2015 International Conference on, pp. 737-742, 16-18 June 2015. doi: 10.1109/ICCEP.2015.7177573
Abstract: The quality of the transmission service, in Italy, is managed by the TSO. Although the transmission network is meshed, it often happens a disconnection of some users (cabins processing business distributor or customers AT) due to a fault. The Authority issued the well-defined guidelines that regulate payments and premiums which the TSO is subject. The outages may occur due to events occurring at atypical structure of the network, or in areas normally fed in radial mode. To date, in Italy, there is no risk analysis based on probabilistic considerations taken from historical data in: this article presents a platform able to estimate the risk, taking into account the directives of the Authority. By consulting this platform in the planning stage of a unavailability, the TSO will be aware of the risk and it can decide whether to take corrective action and / or preventive actions to reduce it. In addition, the proposed study, is the basis of the probabilistic assessment of the safety of the electrical system.
Keywords: electrical safety; power system management; power system security; power transmission faults; power transmission planning; power transmission reliability; risk analysis; Sicilian context; TSO; electrical system safety; power outage; power system security estimation; risk-based probabilistic approach; transmission network planning; transmission service quality; Gravity; Indexes; Probabilistic logic; Probability; Software; Springs (ID#: 16-9318)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7177573&isnumber=7177533
Ankarali, Z.E.; Demir, A.F.; Qaraqe, M.; Abbasi, Q.H.; Serpedin, E.; Arslan, H.; Gitlin, R.D., "Physical Layer Security for Wireless Implantable Medical Devices," in Computer Aided Modelling and Design of Communication Links and Networks (CAMAD), 2015 IEEE 20th International Workshop on, pp. 144-147, 7-9 Sept. 2015. doi: 10.1109/CAMAD.2015.7390497
Abstract: Wireless communications are increasingly important in health-care applications, particularly in those that use implantable medical devices (IMDs). Such systems have many advantages in providing remote healthcare in terms of monitoring, treatment and prediction for critical cases. However, the existence of malicious adversaries, referred to as nodes, which attempt to control implanted devices, constitutes a critical risk for patients. Such adversaries may perform dangerous attacks by sending malicious commands to the IMD, and any weakness in the device authentication mechanism may result in serious problems including death. In this paper we present a physical layer (PHY) authentication technique for IMDs that does not use existing methods of cryptology. In addition to ensuring authentication, the proposed technique also provides advantages in terms of decreasing processing complexity of IMDs and enhances overall communications performance.
Keywords: biomedical communication; biomedical electronics; body area networks; cryptographic protocols; health care; prosthetics; PHY authentication technique; critical case monitoring; critical case prediction; critical case treatment; death; device authentication mechanism; health care applications; nodes; physical layer security; remote healthcare; wireless communications; wireless implantable medical devices; Authentication; Bit error rate; Channel estimation; Jamming; Performance evaluation; Wireless communication; Body area networks; implantable medical devices (IMDs); in-vivo wireless communications; security (ID#: 16-9319)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7390497&isnumber=7390465
Langer, L.; Smith, P.; Hutle, M., "Smart Grid Cybersecurity Risk Assessment," in Smart Electric Distribution Systems and Technologies (EDST), 2015 International Symposium on, pp. 475-482, 8-11 Sept. 2015. doi: 10.1109/SEDST.2015.7315255
Abstract: As much as possible, it is important that the smart grid is secure from cyber-attacks. A vital part of ensuring the security of smart grids is to perform a cybersecurity risk assessment that methodically examines the impact and likelihood of cyber-attacks. Based on the outcomes of a risk assessment, security requirements and controls can be determined that inform architectural choices and address the identified risks. Numerous high-level risk assessment methods and frameworks are applicable in this context. A method that was developed specifically for smart grids is the Smart Grid Information Security (SGIS) toolbox, which we applied to a voltage control and power flow optimization smart grid use case. The outcomes of the assessment indicate that physical consequences could occur because of cyber-attacks to information assets. Additionally, we provide reflections on our experiences with the SGIS toolbox, in order to support others in the community when implementing their own risk assessment for the smart grid.
Keywords: control engineering computing; load flow control; power system analysis computing; power system security; risk management; security of data; smart power grids; voltage control; SGIS toolbox; architectural choices; cyber-attacks; information assets; power flow optimization; security requirements; smart grid cybersecurity risk assessment; smart grid information security toolbox; voltage control; Density estimation robust algorithm; Reactive power; Risk management;Security; Smart grids; Voltage control; Voltage measurement; SGIS toolbox; cybersecurity; risk assessment; smart grid (ID#: 16-9320)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7315255&isnumber=7315169
Jauhar, S.; Binbin Chen; Temple, W.G.; Xinshu Dong; Kalbarczyk, Z.; Sanders, W.H.; Nicol, D.M., "Model-Based Cybersecurity Assessment with NESCOR Smart Grid Failure Scenarios," in Dependable Computing (PRDC), 2015 IEEE 21st Pacific Rim International Symposium on, pp. 319-324, 18-20 Nov. 2015. doi: 10.1109/PRDC.2015.37
Abstract: The transformation of traditional power systems to smart grids brings significant benefits, but also exposes the grids to various cyber threats. The recent effort led by US National Electric Sector Cybersecurity Organization Resource (NESCOR) Technical Working Group 1 to compile failure scenarios is an important initiative to document typical cybersecurity threats to smart grids. While these scenarios are an invaluable thought-aid, companies still face challenges in systematically and efficiently applying the failure scenarios to assess security risks for their specific infrastructure. In this work, we develop a model-based process for assessing the security risks from NESCOR failure scenarios. We extend our cybersecurity assessment tool, Cyber-SAGE, to support this process, and use it to analyze 25 failure scenarios. Our results show that CyberSAGE can generate precise and structured security argument graphs to quantitatively reason about the risk of each failure scenario. Further, CyberSAGE can significantly reduce the assessment effort by allowing the reuse of models across different failure scenarios, systems, and attacker profiles to perform "what if?" analysis.
Keywords: power system security; security of data; smart power grids; Cyber-SAGE; NESCOR smart grid failure scenarios; model-based cybersecurity assessment; model-based process; security argument graphs; security risks; Companies; Computer security; Density estimation robust algorithm; Risk management; Smart grids; Unified modeling language; NESCOR; Smart grid; cybersecurity (ID#: 16-9321)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371879&isnumber=7371833
Shchetinin, D.; Hug, G., "Risk-Constrained AC OPF with Risk Limits on Individual System States," in PowerTech, 2015 IEEE Eindhoven, pp. 1-6, June 29 2015-July 2 2015. doi: 10.1109/PTC.2015.7232330
Abstract: Risk-based security indexes can be used as a constraint in OPF to determine the most economic generation dispatch while ensuring that the risk of power system operation stays below a given value. Existing approaches only limit the total risk, which can result in some system states having significantly higher values of risk compared to others. In this paper, a risk-constrained AC OPF that limits the individual risk of each considered system state is proposed. The resulting optimization problem is solved by a centralized method and iterative algorithm based on locational security impact factors, which quantify the impact of a change of a generator output on the risk of a certain system state. The comparison of these methods in terms of the simulation time and solution accuracy as well as the analysis of limiting the total versus individual risk is presented for the IEEE Reliability Test System.
Keywords: iterative methods; optimisation; power generation dispatch; power generation economics; power system security; power system state estimation; risk analysis; IEEE reliability test system; centralized method; economic generation dispatch; iterative algorithm; locational security impact factor; optimization problem; power system operation risk; power system state; risk constrained AC OPF; risk limit; risk-based security index; Generators; Indexes; Iterative methods; Niobium; Optimization; Power systems; Security; optimization; risk-based security (ID#: 16-9322)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232330&isnumber=7232233
Badawy, A.; Khattab, T.; Elfouly, T.; Chiasserini, C.-F.; Mohamed, A.; Trinchero, D., "Channel Secondary Random Process for Robust Secret Key Generation," in Wireless Communications and Mobile Computing Conference (IWCMC), 2015 International, pp. 114-119, 24-28 Aug. 2015. doi: 10.1109/IWCMC.2015.7289067
Abstract: The broadcast nature of wireless communications imposes the risk of information leakage to adversarial users or unauthorized receivers. Therefore, information security between intended users remains a challenging issue. Most of the current physical layer security techniques exploit channel randomness as a common source between two legitimate nodes to extract a secret key. In this paper, we propose a new simple technique to generate the secret key. Specifically, we exploit the estimated channel to generate a secondary random process (SRP) that is common between the two legitimate nodes. We compare the estimated channel gain and phase to a preset threshold. The moving differences between the locations at which the estimated channel gain and phase exceed the threshold are the realization of our SRP. We simulate an orthogonal frequency division multiplexing (OFDM) system and show that our proposed technique provides a drastic improvement in the key bit mismatch rate (BMR) between the legitimate nodes when compared to the techniques that exploit the estimated channel gain or phase directly. In addition to that, the secret key generated through our technique is longer than that generated by conventional techniques.
Keywords: OFDM modulation; channel estimation; phase estimation; private key cryptography; radio receivers; random processes; risk analysis; BMR; OFDM; SRP; adversarial user; channel gain estimation; channel randomness; channel secondary random process; information leakage risk; information security; key bit mismatch rate; legitimate node; orthogonal frequency division multiplexing; phase estimation; physical layer security technique; robust secret key generation; unauthorized receiver; wireless communication; Channel estimation; Entropy; Gain; OFDM; Quantization (signal); Random processes; Signal to noise ratio; Bit mismatch rate; Channel estimation; OFDM systems; Physical layer security; Secret key generation (ID#: 16-9323)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7289067&isnumber=7288920
Razzaque, M.A.; Clarke, S., "A Security-Aware Safety Management Framework for IoT-Integrated Bikes," in Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on, pp. 92-97, 14-16 Dec. 2015. doi: 10.1109/WF-IoT.2015.7389033
Abstract: Bike and vehicle collisions often result in fatality to vulnerable bikers. Use of technologies can protect such vulnerable road users. Next generation smart bikes with sensing, computing and communication capabilities or bikes with bikers' smartphones have the potential to be integrated in an Internet of Things (IoT) environment. Unlike avoidance of inter-vehicle collisions, very limited efforts are made on IoT-integrated bikes and vehicles to avoid bike-vehicle collisions and offer bikers' safety. Moreover, these IoT-integrated bikes and vehicles will create new and different information and cyber security risks that could make existing safety solutions ineffective. To exploit the potential of IoT in an effective way, especially in bikers' safety, this work proposes a security-aware bikers' safety management framework that integrates a misbehavior detection scheme (MDS) and a collision prediction and detection scheme (CPD). The MDS, in particular for vehicles (as vehicles are mainly responsible for most bike-vehicle collisions) provides security-awareness to the framework using in-vehicle security checking and vehicles' mobility-patterns-based misbehavior detection. The MDS also includes in-vehicle driver's behavior monitoring to identify potential misbehaving drivers. The framework's MDS and the CPD relies on the improved versions of some existing solutions. Use cases of the framework demonstrates its potential in providing bikers safety.
Keywords: Internet of Things; bicycles; mobility management (mobile radio);road safety; smart phones; telecommunication security; CPD scheme; Internet of Things environment; IoT environment; IoT-integrated bikes; MDS; behavior monitoring; bike collisions; bike-vehicle collisions; collision prediction and detection scheme; cyber security risks; in-vehicle security checking; information risks; mobility-patterns-based misbehavior detection; next generation smart bikes; security-aware bikers safety management framework; security-awareness; smartphones; vulnerable road users; Cloud computing; Estimation; Roads; Security; Trajectory; Vehicles; Bikers' Safety; Bikes; Collision Prediction and Detection; Security; V2X communication (ID#: 16-9324)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7389033&isnumber=7389012
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.