Biblio

The report examines approaches to assessing the information security of data transmission networks (DTN). The analysis of methods for quantitative assessment of information security risks is carried out. A methodological approach to the assessment of IS DTN based on the risk-oriented method is presented. A method for assessing risks based on the mathematical apparatus of the queening systems (QS) is considered and the problem of mathematical modeling is solved.

Brushless synchronous generators (BSG) are typically used to produce an island network whose voltage is close to the nominal voltage of the generator. Generators are often used also in test-field applications where also zero output voltage is needed. The exciter construction and magnetic remanence may lead to a situation where the non-loaded generator terminal voltage cannot be controlled close to zero but a significant voltage is always generated because the exciter remanence. A new brushless synchronous generator excitation and de-excitation converter topology for test applications is proposed. The purpose is to achieve full voltage control from zero to nominal level without modifications to the generator. Insulated-gate bipolar transistor (IGBT) and Field-Programmable Gate Array (FPGA) technology are used to achieve the required fast and accurate control. In the work, simulation models were first derived to characterize the control performance. The proposed converter topology was then verified with the simulation model and tested empirically with a 400 kVA brushless synchronous generator. The results indicate that the exciter remanence and self-excitation can be controlled through the exciter stationary field winding when the proposed converter topology controls the field winding current. Consequently, in highly dynamical situations, the system is unaffected by mechanical stresses and wear in the generator.

In this paper we tackle the open paradoxical challenge of FPGA-accelerated cloud computing: On one hand, clients aim to secure their Intellectual Property (IP) by encrypting their configuration bitstreams prior to uploading them to the cloud. On the other hand, cloud service providers disallow the use of encrypted bitstreams to mitigate rogue configurations from damaging or disabling the FPGA. Instead, cloud providers require a verifiable check on the hardware design that is intended to run on a cloud FPGA at the netlist-level before generating the bitstream and loading it onto the FPGA, therefore, contradicting the IP protection requirement of clients. Currently, there exist no practical solution that can adequately address this challenge.We present the first practical solution that, under reasonable trust assumptions, satisfies the IP protection requirement of the client and provides a bitstream sanity check to the cloud provider. Our proof-of-concept implementation uses existing tools and commodity hardware. It is based on a trusted FPGA shell that utilizes less than 1% of the FPGA resources on a Xilinx VCU118 evaluation board, and an Intel SGX machine running the design checks on the client bitstream.

Logic locking is a holistic design-for-trust technique that aims to protect the design intellectual property (IP) from untrustworthy entities throughout the supply chain. Functional and structural analysis-based attacks successfully circumvent state-of-the-art, provably secure logic locking (PSLL) techniques. However, such attacks are not holistic and target specific implementations of PSLL. Automating the detection and subsequent removal of protection logic added by PSLL while accounting for all possible variations is an open research problem. In this paper, we propose GNNUnlock, the first-of-its-kind oracle-less machine learning-based attack on PSLL that can identify any desired protection logic without focusing on a specific syntactic topology. The key is to leverage a well-trained graph neural network (GNN) to identify all the gates in a given locked netlist that belong to the targeted protection logic, without requiring an oracle. This approach fits perfectly with the targeted problem since a circuit is a graph with an inherent structure and the protection logic is a sub-graph of nodes (gates) with specific and common characteristics. GNNs are powerful in capturing the nodes' neighborhood properties, facilitating the detection of the protection logic. To rectify any misclassifications induced by the GNN, we additionally propose a connectivity analysis-based post-processing algorithm to successfully remove the predicted protection logic, thereby retrieving the original design. Our extensive experimental evaluation demonstrates that GNNUnlock is 99.24% - 100% successful in breaking various benchmarks locked using stripped-functionality logic locking [1], tenacious and traceless logic locking [2], and Anti-SAT [3]. Our proposed post-processing enhances the detection accuracy, reaching 100% for all of our tested locked benchmarks. Analysis of the results corroborates that GNNUnlock is powerful enough to break the considered schemes under different parameters, synthesis settings, and technology nodes. The evaluation further shows that GNNUnlock successfully breaks corner cases where even the most advanced state-of-the-art attacks [4], [5] fail. We also open source our attack framework [6].

The paper proposes ways to solve the problem of secure remote access to telecommunications’ equipment. The purpose of the study is to develop a set of procedures to ensure secure interaction while working remotely with Cisco equipment using the SSH protocol. This set of measures is a complete list of measures which ensures security of remote connection to a corporate computer network using modern methods of cryptography and network administration technologies. It has been tested on the GNS3 software emulator and Cisco telecommunications equipment and provides a high level of confidentiality and integrity of remote connection to a corporate computer network. In addition, the study detects vulnerabilities in the IOS operating system while running SSH service and suggests methods for their elimination.

In the context of the Industry 4.0 initiative, Cyber-Physical Production Systems (CPPS) or Cyber Manufacturing Systems (CMS) can be characterized as advanced networked mechatronic production systems gaining their added value by interaction with different systems using advanced communication technologies. Appropriate wired and wireless communication technologies and standards need to add timing in combination with security concepts to realize the potential improvements in the production process. One of these standards is IO-Link Wireless, which is used for sensor/actuator network operation. In this paper cryptographic performance and energy efficiency of an IO-Link Wireless Device are analyzed. The power consumption and the influence of the cryptographic operations on the trans-mission timing of the IO-Link Wireless protocol are exemplary measured employing a Phytec module based on a CC2650 system-on-chip (SoC) radio transceiver [2]. Confidentiality is considered in combination with the cryptographic performance as well as the energy efficiency. Different cryptographic algorithms are evaluated using the on chip hardware accelerator compared to a cryptographic software implementation.

Recently, it is predicted that interworking between heterogeneous devices will be accelerated due to the openness of the IoT (Internet of Things) platform, but various security threats are also expected to increase. However, most IoT open platforms remain at the level that utilizes existing security technologies. Therefore, a more secure security technology is required to prevent illegal copying and leakage of important data through stealing, theft, and hacking of IoT devices. In addition, a technique capable of ensuring interoperability with existing standard technologies is required. This paper proposes an IoT device authentication method based on PUF (Physical Unclonable Function) that operates on an IoT open platform. By utilizing PUF technology, the proposed method can effectively respond to the threat of exposure of the authentication key of the existing IoT open platform. Above all, the proposed method can contribute to compatibility and interoperability with existing technologies by providing a device authentication method that can be effectively applied to the OCF Iotivity standard specification, which is a representative IoT open platform.

In the security platform of Internet of Things (IoT), a licensed Low Power Wide Area Network (LPWAN) technology, named Narrowband Internet of Things (NB-IoT) is playing a vital role in transferring the information between objects. This technology is preferable for applications having a low data rate. As the number of subscribers increases, attack possibilities raise simultaneously. So securing the transmission between the objects becomes a big task. Bandwidth spoofing is one of the most sensitive attack that can be performed on the communication channel that lies between the access point and user equipment. This research proposal objective is to secure the system from the attack based on Unmanned Aerial vehicles (UAVs) enabled Small Cell Access (SCA) device which acts as an intruder between the user and valid SCA and investigating the scenario when any intruder device comes within the communication range of the NB-IoT enabled device. Here, this article also proposed a mathematical solution for the proposed scenario.

In the Internet of Things, it is more important than ever to effectively address the problem of secure transmission based on steganographic substitution by synthesizing digital sensor data. In this case, the degree to which the grayscale message is obscured is a necessary issue. To ensure information security in IoT systems, various methods are used and information security problems are solved to one degree or another. The article proposes a method and algorithm for a computer image in grayscale, in which the value of each pixel is one sample, representing the amount of light, carrying only information about the intensity. The proposed method in grayscale using steganographic coding provides a secure implementation of data transmission in the IoT system. Study results were analyzed using PSNR (Peak Signal to Noise Ratio).

The blockchain technology evolution in recent times has a hopefulness regarding the impression of self-sovereign identity that has a significant effect on the method of interacting with each other with security over the network. The existing system is not complete and procedural. There arises a different idea of self-sovereign identity methodology. To develop to the possibility, it is necessary to guarantee a better understanding in a proper way. This paper has an in-depth analysis of the attributes of the self-sovereign identity and it affects over the laws of identity that are being explored. The Identity management system(IMS) with no centralized authority is proposed in maintaining the secrecy of records, where as traditional systems are replaced by blockchains and identities are generated cryptographically. This study enables sharing of user data on permissioned blockchain which uses identity-based encryption to maintain access control and data security.

Decentralized Identifiers (DIDs) and Self-Sovereign Identity (SSI) are emerging decentralized identity solutions. DIDs allow legal entities like organizations to create and fully control their identifiers while building the necessary infrastructure for SSI, enabling entities like persons, organizations, or machines to fully control and own their digital identities without the involvement of an intermediate central authority. DIDs are identifiers that are used to reference entities unambiguously and, together with DID Documents stored in a verifiable data registry, establish a new, decentralized public-key infrastructure. An SSI-based digital identity may be composed of many different claims certified by an issuer. Examples are the identity holder’s name, age, gender, university degree, driving license, or other attributes. What makes SSI unique compared to other identity management solutions is that the users keep their digital identities in storage of their choice and thus determine their distribution and processing.With this privacy-by-design approach, the emergence of DIDs and SSI can shape the architecture of the future Internet and its applications, which will impact the future of mobile networks. While 5G networks are currently being rolled out, a discussion about the new capabilities of 6G networks, which are still in the distant future, has long since begun. In addition to even faster access, shorter delays, and new applications, features such as human-centricity, data protection, and privacy are being addressed in particular in the discussions. These latter points make DIDs, SSI, and related concepts and architectures promising candidates for 6G adoption.The talk gives a brief introduction to DIDs and SSI and then discusses the benefits and drawbacks the integration of these technologies into 6G may have. Furthermore, the talk identifies different use cases and identifies the system components and functions of cellular networks affected by a 6G integration.

Federated Identity Management (FIM) is a model of identity management in which different trusted organizations can provide secure online services to their uses. Security Assertion Markup Language (SAML) is one of the widely-used technologies for FIM. However, a SAML-based FIM has two significant issues: the metadata (a crucial component in SAML) has security issues, and federation management is hard to scale. The concept of dynamic identity federation has been introduced, enabling previously unknown entities to join in a new federation facilitating inter-organization service provisioning to address federation management's scalability issue. However, the existing dynamic federation approaches have security issues concerning confidentiality, integrity, authenticity, and transparency. In this paper, we present the idea of facilitating dynamic identity federations utilizing blockchain technology to improve the existing approaches' security issues. We demonstrate its architecture based on a rigorous threat model and requirement analysis. We also discuss its implementation details, current protocol flows and analyze its performance to underline its applicability.

STAMP (System Theoretic Accident Model and Processes) is one of the theories that has been attracting attention as a new safety analysis method for complex systems. CAST (Causal Analysis using System Theory) is a causal analysis method based on STAMP theory. The authors investigated an information security incident case, “AIST (National Institute of Advanced Industrial Science and Technology) report on unauthorized access to information systems,” and attempted accident analysis using CAST. We investigated whether CAST could be applied to the cyber security analysis. Since CAST is a safety accident analysis technique, this study was the first to apply CAST to cyber security incidents. Its effectiveness was confirmed from the viewpoint of the following three research questions. Q1:Features of CAST as an accident analysis method Q2:Applicability and impact on security accident analysis Q3:Understanding cyber security incidents with a five-layer model.

In high-performance computing (HPC), scientific applications often manage a massive amount of data using I/O libraries. These libraries provide convenient data model abstractions, help ensure data portability, and, most important, empower end users to improve I/O performance by tuning configurations across multiple layers of the HPC I/O stack. We propose SCTuner, an autotuner integrated within the I/O library itself to dynamically tune both the I/O library and the underlying I/O stack at application runtime. To this end, we introduce a statistical benchmarking method to profile the behaviors of individual supercomputer I/O subsystems with varied configurations across I/O layers. We use the benchmarking results as the built-in knowledge in SCTuner, implement an I/O pattern extractor, and plan to implement an online performance tuner as the SCTuner runtime. We conducted a benchmarking analysis on the Summit supercomputer and its GPFS file system Alpine. The preliminary results show that our method can effectively extract the consistent I/O behaviors of the target system under production load, building the base for I/O autotuning at application runtime.

The number of organisational cybersecurity threats continues to increase every year as technology advances. All too often, organisations assume that implementing systems security measures like firewalls and anti-virus software will eradicate cyber threats. However, even the most robust security systems are vulnerable to threats. As advanced as machine learning cybersecurity technology is becoming, it cannot be solely relied upon to solve cyber threats. There are other forces that contribute to these threats that are many-a-times out of an organisation's control i.e., human behaviour. This research article aims to create an understanding of the trends in key cybersecurity management issues that have developed in the past five years in relation to human behaviour and machine learning. The methodology adopted to guide the synthesis of this review was a systematic literature review. The guidelines for conducting the review are presented in the review approach. The key cybersecurity management issues highlighted by the research includes risky security behaviours demonstrated by employees, social engineering, the current limitations present in machine learning insider threat detection, machine learning enhanced cyber threats, and the underinvestment challenges faced in the cybersecurity domain.

Physical unclonable functions (PUFs) are used to create unique device identifiers from their inherent fabrication variability. Unstable readings and variation of the PUF response over time are key issues that limit the applicability of PUFs in real-world systems. In this project, we developed a fuzzy extractor (FE) to generate robust cryptographic keys from ReRAM-based PUFs. We tested the efficiency of the proposed FE using BCH and Polar error correction codes. We use ReRAM-based PUFs operating in pre-forming range to generate binary cryptographic keys at ultra-low power with an objective of tamper sensitivity. We investigate the performance of the proposed FE with real data using the reading of the resistance of pre-formed ReRAM cells under various noise conditions. The results show a bit error rate (BER) in the range of 10−5 for the Polar-codes based method when 10% of the ReRAM cell array is erroneous at Signal to Noise Ratio (SNR) of 20dB.This error rate is achieved by using helper data length of 512 bits for a 256 bit cryptographic key. Our method uses a 2:1 ratio for helper data and key, much lower than the majority of previously reported methods. This property makes our method more robust against helper data attacks.

The increasing penetration of cyber systems into smart grids has resulted in these grids being more vulnerable to cyber physical attacks. The central challenge of higher order cyber-physical contingency analysis is the exponential blow-up of the attack surface due to a large number of attack vectors. This gives rise to computational challenges in devising efficient attack mitigation strategies. However, a system operator can leverage private information about the underlying network to maintain a strategic advantage over an adversary equipped with superior computational capability and situational awareness. In this work, we examine the following scenario: A malicious entity intrudes the cyber-layer of a power network and trips the transmission lines. The objective of the system operator is to deploy security measures in the cyber-layer to minimize the impact of such attacks. Due to budget constraints, the attacker and the system operator have limits on the maximum number of transmission lines they can attack or defend. We model this adversarial interaction as a resource-constrained attacker-defender game. The computational intractability of solving large security games is well known. However, we exploit the approximately modular behaviour of an impact metric known as the disturbance value to arrive at a linear-time algorithm for computing an optimal defense strategy. We validate the efficacy of the proposed strategy against attackers of various capabilities and provide an algorithm for a real-time implementation.

Centrality measures on graphs have found applications in a large number of domains including modeling the spread of an infection/disease, social network analysis, and transportation networks. As a result, parallel algorithms for computing various centrality metrics on graphs are gaining significant research attention in recent years. In this paper, we study parallel algorithms for the percolation centrality measure which extends the betweenness-centrality measure by incorporating a time dependent state variable with every node. We present parallel algorithms that compute the source-based and source-destination variants of the percolation centrality values of nodes in a network. Our algorithms extend the algorithm of Brandes, introduce optimizations aimed at exploiting the structural properties of graphs, and extend the algorithmic techniques introduced by Sariyuce et al. [26] in the context of centrality computation. Experimental studies of our algorithms on an Intel Xeon(R) Silver 4116 CPU and an Nvidia Tesla V100 GPU on a collection of 12 real-world graphs indicate that our algorithmic techniques offer a significant speedup.

The growing complexity of server architectures, which incorporate several components with state, has necessitated rigorous assessment of the security risk both during design and operation. In this paper, we propose a novel technique to model the security risk of servers by mapping their architectures to graphs. This allows us to leverage tools from computational graph theory, which we combine with probability theory for deriving quantitative metrics for risk assessment. Probability of attack is derived for server components, with prior probabilities assigned based on knowledge of existing vulnerabilities and countermeasures. The resulting analysis is further used to compute measures of impact and exploitability of attack. The proposed methods are demonstrated on two open-source server designs with different architectures.

Wireless Sensor Networks (WSNs) have limited energy resource which requires authentic data transmission at a minimum cost. The major challenge is to deploy WSN with limited energy and lifetime of nodes while taking care of secure data communication. The transmission of data from the wireless channels may cause many losses such as fading, noise, bit error rate increases as well as deplete the energy resource from the nodes. To reduce the adverse effects of losses and to save power usage, error control coding (ECC) techniques are widely used and it also brings coding gain. Since WSN have limited energy resource so the selection of ECC is very difficult as both power consumption, as well as BER, has also taken into consideration. This research paper reviews different types of models, their applications, limitations of the sensor networks, and what are different types of future works going to overcome the limitations.

The main aim of the Internet of things is to improve the safety of the device through inter-Device communication (IDC). Various applications are emerging in Internet of things. Various aspects of Internet of things differ from Internet of things, especially the nodes have more velocity which causes the topology to change rapidly. The requirement of researches in the concept of Internet of things increases rapidly because Internet of things face many challenges on the security, protocols and technology. Despite the fact that the problem of organizing the interaction of IIoT devices has already attracted a lot of attention from many researchers, current research on routing in IIoT cannot effectively solve the problem of data exchange in a self-adaptive and self-organized way, because the number of connected devices is quite large. In this article, an adaptive neuro-fuzzy clustering algorithm is presented for the uniform distribution of load between interacting nodes. We synthesized fuzzy logic and neural network to balance the choice of the optimal number of cluster heads and uniform load distribution between sensors. Comparison is made with other load balancing methods in such wireless sensor networks.

The proposed method allows us to determine the predicted value of the complex systems information security risk and its confidence interval using regression analysis and fuzzy logic in terms of the risk dependence on various factors: the value of resources, the level of threats, potential damage, the level of costs for creating and operating the system, the information resources control level.

The fusion of peer-to-peer (P2P) fog network and the traditional three-tier fog computing architecture allows fog devices to conjointly pool their resources together for improved service provisioning and better bandwidth utilization. However, any unauthorized access to the fog network may have calamitous consequences. In this paper, a new lightweight two-party authenticated and key agreement (AKA) protocol is proposed for fog-to-fog collaboration. The security analysis of the protocol reveals that it is resilient to possible attacks. Moreover, the validation of the protocol conducted using the broadly-accepted Automated Verification of internet Security Protocols and Applications (AVISPA) shows that it is safe for practical deployment. The performance evaluation in terms of computation and communication overheads demonstrates its transcendence over the state-of-the-art protocols.

With the rapid development of IoT in recent years, IoT is increasingly being used as an endpoint of supply chains. In general, as the majority of data is now being stored and shared over the network, information security is an important issue in terms of secure supply chain management. In response to cyber security breaches and threats, there has been much research and development on the secure storage and transfer of data over the network. However, there is a relatively limited amount of research and proposals for the security of endpoints, such as IoT linked in the supply chain network. In addition, it is difficult to ensure reliability for IoT itself due to a lack of resources such as CPU power and storage. Ensuring the reliability of IoT is essential when IoT is integrated into the supply chain. Thus, in order to secure the supply chain, we need to improve the reliability of IoT, the endpoint of the supply chain. In this work, we examine the use of IoT gateways, client certificates, and IdP as methods to compensate for the lack of IoT resources. The results of our qualitative evaluation demonstrate that using the IdP method is the most effective.

With over 80% of goods transportation in volume carried by sea, ports are key infrastructures within the logistics value chain. To address the challenges of the globalized and competitive economy, ports are digitizing at a fast pace, evolving into smart ports. Consequently, the cyber-resilience of ports is essential to prevent possible disruptions to the economic supply chain. Over the last few years, there has been a significant increase in the number of disclosed cyber-attacks on ports. In this paper, we present the capabilities of a high-end hybrid cyber range for port cyber risks awareness and training. By describing a specific port use-case and the first results achieved, we draw perspectives for the use of cyber ranges for the training of port actors in cyber crisis management.