Biblio

This paper introduces a robust random number generator that based on Bernoulli discrete chaotic map. An eight bit SAR ADC is used with discrete time chaotic map to generate random bit sequences. Compared to RNGs that use the continuous time chaotic map, sensitivity to process, voltage and temperature (PVT) variations are reduced. Thanks to utilizing switch capacitor circuits to implement Bernoulli chaotic map equations, power consumption decreased significantly. Proposed design that has a throughput of 500 Kbit/second is implemented in TSMC 180 nm process technology. Generated bit sequences has successfully passed all four primary tests of FIPS-140-2 test suite and all tests of NIST 820–22 test suite without post processing. Furthermore, data rate can be increased by sacrificing power consumption. Hence, proposed architecture could be utilized in high speed cryptography applications.

Lightning Network (LN) addresses the scalability problem of Bitcoin by leveraging off-chain transactions. Nevertheless, it is not possible to run LN on resource-constrained IoT devices due to its storage, memory, and processing requirements. Therefore, in this paper, we propose an efficient and secure protocol that enables an IoT device to use LN's functions through a gateway LN node. The idea is to involve the IoT device in LN operations with its digital signature by replacing original 2-of-2 multisignature channels with 3-of-3 multisignature channels. Our protocol enforces the LN gateway to request the IoT device's cryptographic signature for all operations on the channel. We evaluated the proposed protocol by implementing it on a Raspberry Pi for a toll payment scenario and demonstrated its feasibility and security.

Nowadays, with the continuous increase in oil prices and the worldwide shift towards clean energy, all-electric vehicles are booming. Thence, these vehicles need widespread charging systems operating securely and reliably. Consequently, these charging systems need the most robust cybersecurity measures and strong authentication mechanisms to protect its user. This paper presents a new security scheme leveraging human biometrics in terms of iris recognition to defend against multiple types of cyber-attacks such as fraudulent identities, man-in-the-middle attacks, or unauthorized access to electric vehicle charging stations. Fundamentally, the proposed scheme implements a security mechanism based on the inherently unique characteristics of human eye biometric. The objective of the proposed scheme is to enhance the security of electric vehicle charging stations by using a low-cost and efficient authentication using k-Nearest Neighbours (KNN), which is a lightweight encryption algorithm.We tested our system on high-quality images obtained from the standard IITD iris database to search over the encrypted database and authenticate a legitimate user. The results showed that our proposed technique had minimal communication and computation overhead, which is quite suitable for the resource-limited charging station devices. Furthermore, we proved that our scheme outperforms other existing techniques.

In this paper, we propose a novel protocol to represent the human factor on a blockchain environment. Our approach allows single or groups of humans to propose data in blocks which cannot be validated automatically but need human knowledge and collaboration to be validated. Only if human-based consensus on the correctness and trustworthiness of the data is reached, the new block is appended to the blockchain. This human approach significantly extends the possibilities of blockchain applications on data types apart from financial transaction data.

Cryptographic algorithms are playing an important role in the information security field. Strong and unbreakable algorithms provide high security and good throughput. The strength of any encryption algorithm is basically based on the degree of difficulty to obtain the encryption key by such cyber-attacks as brute. It is supposed that the bigger the key size, the more difficult it is to compute the key. But increasing the key size will increase both the computational complexity and the processing time of algorithms. In this paper, we proposed a reliable, effective, and more secure symmetric stream cipher algorithm for encryption and decryption called Symmetric Cipher based on Key Hashing Algorithm (SCKHA). The idea of this algorithm is based on hashing and splitting the encryption symmetric key. Hashing the key will hide the encrypted key to prevent any intruder from forging the hash code, and, thus, it satisfies the purpose of security, authentication, and integrity for a message on the network. In addition, the algorithm is secure against a brute-force attack by increasing the resources it takes for testing each possible key. Splitting the hashed value of the encryption key will divide the hashed key into two key chunks. The encryption process performed using such one chunk based on some calculations on the plaintext. This algorithm has three advantages that are represented in computational simplicity, security and efficiency. Our algorithm is characterized by its ability to search on the encrypted data where the plaintext character is represented by two ciphertext characters (symbols).

This research concerns the detection of unauthorised access within hospital networks through the real-time analysis of audit logs. Privacy is a primary concern amongst patients due to the rising adoption of Electronic Patient Record (EPR) systems. There is growing evidence to suggest that patients may withhold information from healthcare providers due to lack of Trust in the security of EPRs. Yet, patient record data must be available to healthcare providers at the point of care. Ensuring privacy and confidentiality of that data is challenging. Roles within healthcare organisations are dynamic and relying on access control is not sufficient. Through proactive monitoring of audit logs, unauthorised accesses can be detected and presented to an analyst for review. Advanced data analytics and visualisation techniques can be used to aid the analysis of big data within EPR audit logs to identify and highlight pertinent data points. Employing a human-in-the-loop model ensures that suspicious activity is appropriately investigated and the data analytics is continuously improving. This paper presents a system that employs a Human-in-the-Loop Machine Learning (HILML) algorithm, in addition to a density-based local outlier detection model. The system is able to detect 145 anomalous behaviours in an unlabelled dataset of 1,007,727 audit logs. This equates to 0.014% of the EPR accesses being labelled as anomalous in a specialist Liverpool (UK) hospital.

Personalized IoT adapt their behavior based on contextual information, such as user behavior and location. Unfortunately, the fact that personalized IoT adapt to user context opens a side-channel that leaks private information about the user. To that end, we start by studying the extent to which a malicious eavesdropper can monitor the actions taken by an IoT system and extract user's private information. In particular, we show two concrete instantiations (in the context of mobile phones and smart homes) of a new category of spyware which we refer to as Context-Aware Adaptation Based Spyware (SpyCon). Experimental evaluations show that the developed SpyCon can predict users' daily behavior with an accuracy of 90.3%. Being a new spyware with no known prior signature or behavior, traditional spyware detection that is based on code signature or system behavior are not adequate to detect SpyCon. We discuss possible detection and mitigation mechanisms that can hinder the effect of SpyCon.

Performing a live digital forensics investigation on a running system is challenging due to the time pressure under which decisions have to be made. Newly proliferating and frequently applied types of malware (e.g., fileless malware) increase the need to conduct digital forensic investigations in real-time. In the course of these investigations, forensic experts are confronted with a wide range of different forensic tools. The decision, which of those are suitable for the current situation, is often based on the cyber forensics experts’ experience. Currently, there is no reliable automated solution to support this decision-making. Therefore, we derive requirements for visually supporting the decision-making process for live forensic investigations and introduce a research prototype that provides visual guidance for cyber forensic experts during a live digital forensics investigation. Our prototype collects relevant core information for live digital forensics and provides visual representations for connections between occurring events, developments over time, and detailed information on specific events. To show the applicability of our approach, we analyze an exemplary use case using the prototype and demonstrate the support through our approach.

The rapid progress experienced in the Internet of Things (IoT) space is one that has introduced new and unique challenges for cybersecurity and IoT-Forensics. One of these problems is how digital forensics and incident response (DFIR) are handled in IoT. Since enormous users use IoT platforms to accomplish their day to day task, massive amounts of data streams are transferred with limited hardware resources; conducting DFIR needs a new approach to mitigate digital evidence and incident response challenges owing to the facts that there are no unified standard or classified principles for IoT forensics. Today's IoT DFIR relies on self-defined best practices and experiences. Given these challenges, IoT-related incidents need a more structured approach in identifying problems of DFIR. In this paper, we examined the major DFIR challenges in IoT by exploring the different phases involved in a DFIR when responding to IoT-related incidents. This study aims to provide researchers and practitioners a road-map that will help improve the standards of IoT security and DFIR.

Attack surface detection for the complex software is needed to find targets for the fuzzing, because testing the whole system with many inputs is not realistic. Researchers that previously applied taint analysis for dealing with different security tasks in the virtual machines did not examined how to apply it for attack surface detection. I.e., getting the program modules and functions, that may be affected by input data. We propose using taint tracking within a virtual machine and virtual machine introspection to create a new approach that can detect the internal module interfaces that can be fuzz tested to assure that software is safe or find the vulnerabilities.

The utilization of Third-party modules is very common nowadays. Hence, combating Hardware Trojans affecting the applications' functionality and data security becomes inevitably essential. This paper focuses on the detection/masking of Hardware Trojans' undesirable effects concerned with spying and information leakage due to the growing care about applications' data confidentiality. It is assumed here that the Trojan-infected system consists mainly of a Microprocessor module (MP) followed by an encryption module and then a Medium Access Control (MAC) module. Also, the system can be application-specific integrated circuit (ASIC) based or Field Programmable Gate Arrays (FPGA) based. A general solution, including encryption, CRC encoder/decoder, and zero padding modules, is presented to handle such Trojans. Special cases are then discussed carefully to prove that Trojans will be detected/masked with a corresponding overhead that depends on the Trojan's location, and the system's need for encryption. An implementation of the CRC encoder along with the zero padding module is carried out on an Altera Cyclone IV E FPGA to illustrate the extra resource utilization required by such a system, given that it is already using encryption.

As cyber threats continue to grow and expertise resources are limited, organisations need to find ways to evaluate their resilience efficiently and take proactive measures against an attack from a specific adversary before it occurs. Threat modelling is an excellent method of assessing the resilience of ICT systems, forming Attack (Defense) Graphs (ADGs) that illustrate an adversary’s attack vectors. Cyber Threat Intelligence (CTI) is information that helps understand the current cyber threats, but has little integration with ADGs. This paper contributes with an approach that resolves this problem by using CTI feeds of known threat actors to enrich ADGs under multiple reuse. This enables security analysts to take proactive measures and strengthen their ICT systems against current methods used by any threat actor that is believed to pose a threat to them.

Broadcasting applications such as video surveillance systems are using High Definition (HD) videos. The use of high-resolution videos increases significantly the data volume of video coding standards such as High-Efficiency Video Coding (HEVC) and Advanced Video Coding (AVC), which increases the challenge for storing, processing, encrypting, and transmitting these data over different communication channels. Video compression standards use state-of-the-art techniques to compress raw video sequences more efficiently, such techniques require high computational complexity and memory utilization. With the emergent of using HEVC and video surveillance systems, many security risks arise such as man-in-the-middle attacks, and unauthorized disclosure. Such risks can be mitigated by encrypting the traffic of HEVC. The most widely used encryption algorithm is the Advanced Encryption Standard (AES). Most of the computational complexity in AES hardware-implemented is due to S-box or sub-byte operation and that because it needs many resources and it is a non-linear structure. The proposed AES S-box ROM design considers the latest HEVC used for homeland security video surveillance systems. This paper presents different designs for VHDL efficient ROM implementation of AES S-box using IP core generator, ROM components, and using Functions, which are all supported by Xilinx. IP core generator has Block Memory Generator (BMG) component in its library. S-box IP core ROM is implemented using Single port block memory. The S-box lookup table has been used to fill the ROM using the .coe file format provided during the initialization of the IP core ROM. The width is set to 8-bit to address the 256 values while the depth is set to 8-bit which represents the data filed in the ROM. The whole design is synthesized using Xilinx ISE Design Suite 14.7 software, while Modelism (version10.4a) is used for the simulation process. The proposed IP core ROM design has shown better memory utilization compared to non-IP core ROM design, which is more suitable for memory-intensive applications. The proposed design is suitable for implementation using the FPGA ROM design. Hardware complexity, frequency, memory utilization, and delay are presented in this paper.

Vulnerability analysis is an integral part of an overall security program. Through identifying known security flaws and weaknesses, vulnerability identification tools help security practitioners to remediate the existing vulnerabilities on the networks. Thus, it is crucial that the results of such tools are complete, accurate, timely and they produce vulnerability results with minimum or no side-effects on the networks. To achieve these goals, Active Vulnerability Scanning (AVS) or Passive Vulnerability Detection (PVD) approaches can be used by network-based vulnerability scanners. In this work, we evaluate these two approaches with respect to efficiency and effectiveness. For the effectiveness analysis, we compare these two approaches empirically on a test environment and evaluate their outcomes. According to total amount of accuracy and precision, the PVD results are higher than AVS. As a result of our analysis, we conclude that PVD returns more complete and accurate results with considerably shorter scanning periods and with no side-effects on networks, compared to the AVS.

Cloud based cyber physical system (CPS) enables individuals to store and share data collected from both cyberspace and the physical world. This leads to the proliferation of massive data at a user's local site. Since local storage systems can't store and maintain huge data, it is a wise and practical way to outsource such huge data to the cloud. Cloud storage provides scalable storage space to manage data economically and flexibly. However, the integrity of outsourced data is a critical challenge because user's lose control of their data once it's transferred to cloud servers. Several auditing schemes have been put forward based on public key infrastructure (PKI) or identity-based cryptography to verify data integrity. However, “the PKI-based schemes suffer from certificate management problem and identity-based schemes face the key escrow” problem. Therefore, to address these problems, certificateless public auditing schemes have been introduced on the basis of bilinear pairing, which incur high computation overhead, and thus it is not suitable for CPS. To reduce the computation overhead, in this paper, Using elliptic curve cryptography, we propose an efficient pairing-free certificateless public auditing scheme for cloud-based CPS. The proposed scheme is more secure against type I/II/III adversaries and efficient compared to other certificateless based schemes.

Digital watermarking is the multimedia leading security protection as it permanently escorts the digital content. Image copyright protection is becoming more anxious as the new 5G technology emerged. Protecting images with a robust scheme without distorting them is the main trade-off in digital watermarking. In this paper, a watermarking scheme based on discrete cosine transform (DCT) and singular value decomposition (SVD) using canny edge detector technique is proposed. A binary encrypted watermark is reshaped into a vector and inserted into the edge detected vector from the diagonal matrix of the SVD of DCT DC and low-frequency coefficients. Watermark insertion is performed by using an edge-tracing mechanism. The scheme is evaluated using the Peak Signal to Noise Ratio (PSNR) and Normalized Correlation (NC). Attained results are competitive when compared to present works in the field. Results show that the PSNR values vary from 51 dB to 55 dB.

This paper presents some of our first experiences and findings in the ARPA-E project ReNew100, which is to develop an operator support system to enable stable operation of power system with 100% non-synchronous (NS) generation. The key to 100% NS system, as found in many recent studies, is to establish the grid frequency reference using grid-forming (GFM) inverters. In this paper, we demonstrate in Electro-Magnetic-Transient (EMT) simulations, based on Hawai'i big island system with 100% NS capacity, that a system can be operated stably with the help of GFM inverters and appropriate controller parameters for the inverters. The dynamic security optimization (DSO) is introduced for optimizing the inverter control parameters to improve stability of the system towards N-1 contingencies. DSO is verified for five critical N-1 contingencies of big island system identified by Hawaiian Electric. The simulation results show significant stability improvement from DSO. The results in this paper share some insight, and provide a promising solution for operating grid in general with high penetration or 100% of NS generation.

In cyberspace, a digital signature is a mathematical technique that plays a significant role, especially in validating the authenticity of digital messages, emails, or documents. Furthermore, the digital signature mechanism allows the recipient to trust the authenticity of the received message that is coming from the said sender and that the message was not altered in transit. Moreover, a digital signature provides a solution to the problems of tampering and impersonation in digital communications. In a real-life example, it is equivalent to a handwritten signature or stamp seal, but it offers more security. This paper proposes a scheme to enable users to digitally sign their communications by validating their identity through users’ mobile devices. This is done by utilizing the user’s ambient Wi-Fi-enabled devices. Moreover, the proposed scheme depends on something that a user possesses (i.e., Wi-Fi-enabled devices), and something that is in the user’s environment (i.e., ambient Wi-Fi access points) where the validation process is implemented, in a way that requires no effort from users and removes the "weak link" from the validation process. The proposed scheme was experimentally examined.

Nowadays, developing an intelligent system for segmenting the moving object from the background is essential task for video surveillance applications. Recently, a deep learning segmentation algorithm composed of encoder CNN, a Feature Pooling Module and a decoder CNN called FgSegNET\_S has been proposed. It is capable to train the model using few training examples. FgSegNET\_S is relying only on the spatial information while it is fundamental to include temporal information to distinguish if an object is moving or not. In this paper, an improved version known as (T\_FgSegNET\_S) is proposed by using the subtracted images from the initial background as input. The proposed approach is trained and evaluated using two publicly available infrared datasets: remote scene infrared videos captured by medium-wave infrared (MWIR) sensors and the Grayscale Thermal Foreground Detection (GTFD) dataset. The performance of network is evaluated using precision, recall, and F-measure metrics. The experiments show improved results, especially when compared to other state-of-the-art methods.

The main objective of Human Activity Recognition (HAR) is to detect various activities in video frames. Video surveillance is an import application for various security reasons, therefore it is essential to classify activities as usual and unusual. This paper implements the deep learning model that has the ability to classify and localize the activities detected using a Single Shot Detector (SSD) algorithm with a bounding box, which is explicitly trained to detect usual and unusual activities for security surveillance applications. Further this model can be deployed in public places to improve safety and security of individuals. The SSD model is designed and trained using transfer learning approach. Performance evaluation metrics are visualised using Tensor Board tool. This paper further discusses the challenges in real-time implementation.

Microservices-based architectures gain more and more attention in industry and academia due to their tremendous advantages such as providing resiliency, scalability, composability, etc. To benefit from these advantages, a proper architectural design is very important. The decomposition model of services into microservices and the granularity of these microservices affect the different aspects of the system such as flexibility, maintainability, performance, and security. An inappropriate service decomposition into microservices (improper granularity) may increase the attack surface of the system and lower its security level. In this paper, first, we study the probability of compromising services before and after decomposition. Then we formulate the impacts of possible service decomposition models on confidentiality, integrity, and availability attributes of the system. To do so, we provide equations for measuring confidentiality, integrity, and availability risks of the decomposed services in the system. It is also shown that the number of entry points to the decomposed services and the size of the microservices affect the security attributes of the system. As a use case, we propose three different service decomposition models for the 5G NRF (Network Repository Function) and calculate the impacts of these decomposition models on the confidentiality, integrity, and availability of the system using the provided equations.

In today's volatile environment, we have never been more reliant on a tightly knit supply chain (SC). Globalisation, mass manufacturing, and specialisation are now hallmarks of our integrated, industrialised world. Decision-makers rely heavily on accurate up-to-the-minute data. Even the tiniest interruption in data flow can have a huge effect on the quality of decision-making and performance. In the full interconnection paradigm, this dependency has inadvertently pushed device connectivity toward an Industrial Internet of Things (IIoT) approach. This has allowed the provision of 'added value resources' such as SC optimisation for Industry 4.0 (I4.0) or enhanced process controls. While system interconnectivity has increased, Internet of Things (IoT) and I4.0 SC protection measures have lagged behind. The root cause of this disparity is the existing mainstream security practices inherited from industrial networks and linking systems that neglect any specific security capability. This paper introduces the preliminary design of an I4.0 SC architecture that offers a complete protocol break about how exacting security functions could be implemented by isolation, a rigorous access control system, and surveillance to ensure the proposed architecture's end-to-end security to I4.0 SC.

The smart electricity grids have been evolving to a more complex cyber-physical ecosystem of infrastructures with integrated communication networks, new carbon-free sources of power generation, advanced monitoring and control systems, and a myriad of emerging modern physical hardware technologies. With the unprecedented complexity and heterogeneity in dynamic smart grid networks comes additional vulnerability to emerging threats such as cyber attacks. Rapid development and deployment of advanced network monitoring and communication systems on one hand, and the growing interdependence of the electric power grids to a multitude of lifeline critical infrastructures on the other, calls for holistic defense strategies to safeguard the power grids against cyber adversaries. In order to improve the resilience of the power grid against adversarial attacks and cyber intrusions, advancements should be sought on detection techniques, protection plans, and mitigation practices in all electricity generation, transmission, and distribution sectors. This survey discusses such major directions and recent advancements from a lens of different detection techniques, equipment protection plans, and mitigation strategies to enhance the energy delivery infrastructure resilience and operational endurance against cyber attacks. This undertaking is essential since even modest improvements in resilience of the power grid against cyber threats could lead to sizeable monetary savings and an enriched overall social welfare.

Modern vehicles equipped with a large number of electronic components, sensors, actuators, and extensive connectivity, are the classical example of cyber-physical systems (CPS). Communication as an integral part of the CPS has enabled and offered many value-added services for vehicular networks. The communication mechanism helps to share contents with all vehicular network nodes and the surrounding environment, e.g., vehicles, traffic lights, and smart road signs, to efficiently take informed and smart decisions. Thus, it opens the doors to many security threats and vulnerabilities. Traditional TCP/IP-based communication paradigm focuses on securing the communication channel instead of the contents that travel through the network. Nevertheless, for content-centered application, content security is more important than communication channel security. To this end, named data networking (NDN) is one of the future Internet architectures that puts the contents at the center of communication and offers embedded content security. In this paper, we first identify the cyberattacks and security challenges faced by the vehicular CPS (VCPS). Next, we propose the NDN-based cyber-resilient, the layered and modular architecture for VCPS. The architecture includes the NDN's forwarding daemon, threat aversion, detection, and resilience components. A detailed discussion about the functionality of each component is also presented. Furthermore, we discuss the future challenges faced by the integration of NDN with VCPS to realize NDN-based VCPS.

Nowadays a huge amount of sensitive information is sending via packet data networks and its security doesn't provided properly. Very often information leakage causes huge damage to organizations. One of the mechanisms to cause information leakage when it transmits through a communication channel is to construct a covert channel. Everywhere used packet networks provide huge opportunities for covert channels creating, which often leads to leakage of critical data. Moreover, covert channels based on packet length modifying can function in a system even if traffic encryption is applied and there are some data transfer schemes that are difficult to detect. The purpose of the paper is to construct and examine a normalization protection tool against covert channels. We analyze full and partial normalization, propose estimation of the residual covert channel capacity in a case of counteracting and determine the best parameters of counteraction tool.