Biblio

2023-02-03
Patil, Vishwas T., Shyamasundar, R.K.  2022.  Evolving Role of PKI in Facilitating Trust. 2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA). :1–7.
A digital certificate is by far the most widely used artifact to establish secure electronic communication over the Internet. It certifies to its user that the public key encapsulated in it is associated with the subject of the certificate. A Public Key Infrastructure (PKI) is responsible to create, store, distribute, and revoke digital certificates. To establish a secure communication channel two unfamiliar entities rely on a common certificate issuer (a part of PKI) that vouches for both entities' certificates - thus authenticating each other via public keys listed in each other's certificates. Therefore, PKIs act as a trusted third party for two previously unfamiliar entities. Certificates are static data structures, their revocation status must be checked before usage; this step inadvertently involves a PKI for every secure channel establishment - leading to privacy violations of relying parties. As PKIs act as trust anchors for their subjects, any inadvertent event or malfeasance in PKI setup breaches the trust relationship leading to identity theft. Alternative PKI trust models, like PGP and SPKI, have been proposed but with limited deployment. With several retrofitting amendments to the prevalent X.509 standard, the standard has been serving its core objective of entity authentication but with modern requirements of contextual authentication, it is falling short to accommodate the evolving requirements. With the advent of blockchain as a trust management protocol, the time has come to rethink flexible alternatives to PKI core functionality; keeping in mind the modern-day requirements of contextual authentication-cum-authorization, weighted trust anchors, privacy-preservation, usability, and cost-efficient key management. In this paper, we assess this technology's complementary role in modern-day evolving security requirements. We discuss the feasibility of re-engineering PKIs with the help of blockchains, and identity networks.
Sarasjati, Wendy, Rustad, Supriadi, Purwanto, Santoso, Heru Agus, Muljono, Syukur, Abdul, Rafrastara, Fauzi Adi, Ignatius Moses Setiadi, De Rosal.  2022.  Comparative Study of Classification Algorithms for Website Phishing Detection on Multiple Datasets. 2022 International Seminar on Application for Technology of Information and Communication (iSemantic). :448–452.
Phishing has become a prominent method of data theft among hackers, and it continues to develop. In recent years, many strategies have been developed to identify phishing website attempts using machine learning particularly. However, the algorithms and classification criteria that have been used are highly different from the real issues and need to be compared. This paper provides a detailed comparison and evaluation of the performance of several machine learning algorithms across multiple datasets. Two phishing website datasets were used for the experiments: the Phishing Websites Dataset from UCI (2016) and the Phishing Websites Dataset from Mendeley (2018). Because these datasets include different types of class labels, the comparison algorithms can be applied in a variety of situations. The tests showed that Random Forest was better than other classification methods, with an accuracy of 88.92% for the UCI dataset and 97.50% for the Mendeley dataset.
Philomina, Josna, Fahim Fathima, K A, Gayathri, S, Elias, Glory Elizabeth, Menon, Abhinaya A.  2022.  A comparitative study of machine learning models for the detection of Phishing Websites. 2022 International Conference on Computing, Communication, Security and Intelligent Systems (IC3SIS). :1–7.
Global cybersecurity threats have grown as a result of the evolving digital transformation. Cybercriminals have more opportunities as a result of digitization. Initially, cyberthreats take the form of phishing in order to gain confidential user credentials. As cyber-attacks get more sophisticated and sophisticated, the cybersecurity industry is faced with the problem of utilising cutting-edge technology and techniques to combat the ever-present hostile threats. Hackers use phishing to persuade customers to grant them access to a company’s digital assets and networks. As technology progressed, phishing attempts became more sophisticated, necessitating the development of tools to detect phishing. Machine learning is unsupervised one of the most powerful weapons in the fight against terrorist threats. The features used for phishing detection, as well as the approaches employed with machine learning, are discussed in this study. In this light, the study’s major goal is to propose a unique, robust ensemble machine learning model architecture that gives the highest prediction accuracy with the lowest error rate, while also recommending a few alternative robust machine learning models. Finally, the Random forest algorithm attained a maximum accuracy of 96.454 percent. But by implementing a hybrid model including the 3 classifiers: Decision Trees, Random forest, Gradient boosting classifiers, the accuracy increases to 98.4 percent.
Patil, Kanchan, Arra, Sai Rohith.  2022.  Detection of Phishing and User Awareness Training in Information Security: A Systematic Literature Review. 2022 2nd International Conference on Innovative Practices in Technology and Management (ICIPTM). 2:780–786.
Phishing is a method of online fraud where attackers are targeted to gain access to the computer systems for monetary benefits or personal gains. In this case, the attackers pose themselves as legitimate entities to gain the users' sensitive information. Phishing has been significant concern over the past few years. The firms are recording an increase in phishing attacks primarily aimed at the firm's intellectual property and the employees' sensitive data. As a result, these attacks force firms to spend more on information security, both in technology-centric and human-centric approaches. With the advancements in cyber-security in the last ten years, many techniques evolved to detect phishing-related activities through websites and emails. This study focuses on the latest techniques used for detecting phishing attacks, including the usage of Visual selection features, Machine Learning (ML), and Artificial Intelligence (AI) to see the phishing attacks. New strategies for identifying phishing attacks are evolving, but limited standardized knowledge on phishing identification and mitigation is accessible from user awareness training. So, this study also focuses on the role of security-awareness movements to minimize the impact of phishing attacks. There are many approaches to train the user regarding these attacks, such as persona-centred training, anti-phishing techniques, visual discrimination training and the usage of spam filters, robust firewalls and infrastructure, dynamic technical defense mechanisms, use of third-party certified software to mitigate phishing attacks from happening. Therefore, the purpose of this paper is to carry out a systematic analysis of literature to assess the state of knowledge in prominent scientific journals on the identification and prevention of phishing. Forty-three journal articles with the perspective of phishing detection and prevention through awareness training were reviewed from 2011 to 2020. 
This timely systematic review also focuses on the gaps identified in the selected primary studies and future research directions in this area.
Desuert, Arthur, Chollet, Stéphanie, Pion, Laurent, Hely, David.  2022.  A Middleware for Secure Integration of Heterogeneous Edge Devices. 2022 IEEE International Conference on Edge Computing and Communications (EDGE). :83–92.
Connected devices are being deployed at a steady rate, providing services like data collection. Pervasive applications rely on those edge devices to seamlessly provide services to users. To connect applications and edge devices, using a middleware has been a popular approach. The research is active on the subject as there are many open challenges. The secure management of the edge devices and the security of the middleware are two of them. As security is a crucial requirement for pervasive environment, we propose a middleware architecture easing the secure use of edge devices for pervasive applications, while supporting the heterogeneity of communication protocols and the dynamism of devices. Because of the heterogeneity in protocols and security features, not all edge devices are equally secure. To allow the pervasive applications to gain control over this heterogeneous security, we propose a model to describe edge devices security. This model is accessible by the applications through our middleware. To validate our work, we developed a demonstrator of our middleware and we tested it in a concrete scenario.
ISSN: 2767-9918
Moroni, Davide, Pieri, Gabriele, Reggiannini, Marco, Tampucci, Marco.  2022.  A mobile crowdsensing app for improved maritime security and awareness. 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops). :103–105.
The marine and maritime domain is well represented in the Sustainable Development Goals (SDG) envisaged by the United Nations, which aim at conserving and using the oceans, seas and their resources for sustainable development. At the same time, there is a need for improved safety in navigation, especially in coastal areas. Up to date, there exist operational services based on advanced technologies, including remote sensing and in situ monitoring networks which provide aid to the navigation and control over the environment for its preservation. Yet, the possibilities offered by crowdsensing have not yet been fully explored. This paper addresses this issue by presenting an app based on a crowdsensing approach for improved safety and awareness at sea. The app can be integrated into more comprehensive systems and frameworks for environmental monitoring as envisaged in our future work.
Sarapan, Waranyu, Boonrakchat, Nonthakorn, Paudel, Ashok, Booraksa, Terapong, Boonraksa, Promphak, Marungsri, Boonruang.  2022.  Optimal Peer-to-Peer Energy Trading by Applying Blockchain to Islanded Microgrid Considering V2G. 2022 19th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON). :1–4.
Energy trading in small groups or microgrids is interesting to study. The energy market may overgrow in the future, so accessing the energy market by small prosumers may not be difficult anymore. This paper has modeled a decentralized P2P energy trading and exchange system in a microgrid group. The Islanded microgrid system is simulated to create a small energy producer and consumer trading situation. The simulation results show the increasing energy transactions and profit when including V2G as an energy storage device. In addition, blockchain is used for system security because a peer-to-peer marketplace has no intermediary control.
Halisdemir, Maj. Emre, Karacan, Hacer, Pihelgas, Mauno, Lepik, Toomas, Cho, Sungbaek.  2022.  Data Quality Problem in AI-Based Network Intrusion Detection Systems Studies and a Solution Proposal. 2022 14th International Conference on Cyber Conflict: Keep Moving! (CyCon). 700:367–383.
Network Intrusion Detection Systems (IDSs) have been used to increase the level of network security for many years. The main purpose of such systems is to detect and block malicious activity in the network traffic. Researchers have been improving the performance of IDS technology for decades by applying various machine-learning techniques. From the perspective of academia, obtaining a quality dataset (i.e. a sufficient amount of captured network packets that contain both malicious and normal traffic) to support machine learning approaches has always been a challenge. There are many datasets publicly available for research purposes, including NSL-KDD, KDDCUP 99, CICIDS 2017 and UNSWNB15. However, these datasets are becoming obsolete over time and may no longer be adequate or valid to model and validate IDSs against state-of-the-art attack techniques. As attack techniques are continuously evolving, datasets used to develop and test IDSs also need to be kept up to date. Proven performance of an IDS tested on old attack patterns does not necessarily mean it will perform well against new patterns. Moreover, existing datasets may lack certain data fields or attributes necessary to analyse some of the new attack techniques. In this paper, we argue that academia needs up-to-date high-quality datasets. We compare publicly available datasets and suggest a way to provide up-to-date high-quality datasets for researchers and the security industry. The proposed solution is to utilize the network traffic captured from the Locked Shields exercise, one of the world’s largest live-fire international cyber defence exercises held annually by the NATO CCDCOE. During this three-day exercise, red team members consisting of dozens of white hackers selected by the governments of over 20 participating countries attempt to infiltrate the networks of over 20 blue teams, who are tasked to defend a fictional country called Berylia. 
After the exercise, network packets captured from each blue team’s network are handed over to each team. However, the countries are not willing to disclose the packet capture (PCAP) files to the public since these files contain specific information that could reveal how a particular nation might react to certain types of cyberattacks. To overcome this problem, we propose to create a dedicated virtual team, capture all the traffic from this team’s network, and disclose it to the public so that academia can use it for unclassified research and studies. In this way, the organizers of Locked Shields can effectively contribute to the advancement of future artificial intelligence (AI) enabled security solutions by providing annual datasets of up-to-date attack patterns.
ISSN: 2325-5374
Liu, Qin, Yang, Jiamin, Jiang, Hongbo, Wu, Jie, Peng, Tao, Wang, Tian, Wang, Guojun.  2022.  When Deep Learning Meets Steganography: Protecting Inference Privacy in the Dark. IEEE INFOCOM 2022 - IEEE Conference on Computer Communications. :590–599.
While cloud-based deep learning benefits for high-accuracy inference, it leads to potential privacy risks when exposing sensitive data to untrusted servers. In this paper, we work on exploring the feasibility of steganography in preserving inference privacy. Specifically, we devise GHOST and GHOST+, two private inference solutions employing steganography to make sensitive images invisible in the inference phase. Motivated by the fact that deep neural networks (DNNs) are inherently vulnerable to adversarial attacks, our main idea is turning this vulnerability into the weapon for data privacy, enabling the DNN to misclassify a stego image into the class of the sensitive image hidden in it. The main difference is that GHOST retrains the DNN into a poisoned network to learn the hidden features of sensitive images, but GHOST+ leverages a generative adversarial network (GAN) to produce adversarial perturbations without altering the DNN. For enhanced privacy and a better computation-communication trade-off, both solutions adopt the edge-cloud collaborative framework. Compared with the previous solutions, this is the first work that successfully integrates steganography and the nature of DNNs to achieve private inference while ensuring high accuracy. Extensive experiments validate that steganography has excellent ability in accuracy-aware privacy protection of deep learning.
ISSN: 2641-9874
Praveen, Sivakami, Dcouth, Alysha, Mahesh, A S.  2022.  NoSQL Injection Detection Using Supervised Text Classification. 2022 2nd International Conference on Intelligent Technologies (CONIT). :1–5.
For a long time, SQL injection has been considered one of the most serious security threats. NoSQL databases are becoming increasingly popular as big data and cloud computing technologies progress. NoSQL injection attacks are designed to take advantage of applications that employ NoSQL databases. NoSQL injections can be particularly harmful because they allow unrestricted code execution. In this paper we use supervised learning and natural language processing to construct a model to detect NoSQL injections. Our model is designed to work with MongoDB, CouchDB, CassandraDB, and Couchbase queries. Our model has achieved an F1 score of 0.95 as established by 10-fold cross validation.
Muliono, Yohan, Darus, Mohamad Yusof, Pardomuan, Chrisando Ryan, Ariffin, Muhammad Azizi Mohd, Kurniawan, Aditya.  2022.  Predicting Confidentiality, Integrity, and Availability from SQL Injection Payload. 2022 International Conference on Information Management and Technology (ICIMTech). :600–605.
SQL Injection has been around as a harmful and prolific threat on web applications for more than 20 years, yet it still poses a huge threat to the World Wide Web. Rapidly evolving web technology has not eradicated this threat; in 2017, 51% of web application attacks are SQL injection attacks. Most conventional practices to prevent SQL injection attacks revolve around secure web and database programming and administration techniques. Despite developer ignorance, a large number of online applications remain susceptible to SQL injection attacks. There is a need for a more effective method to detect and prevent SQL Injection attacks. In this research, we offer a unique machine learning-based strategy for identifying potential SQL injection attack (SQL injection attack) threats. Application of the proposed method in a Security Information and Event Management (SIEM) system will be discussed. SIEM can aggregate and normalize event information from multiple sources, and detect malicious events from analysis of this information. The result of this work shows that a machine learning based SQL injection attack detector which uses SIEM approach possesses high accuracy in detecting malicious SQL queries.
Pani, Samita Rani, Samal, Rajat Kanti, Bera, Pallav Kumar.  2022.  A Graph-Theoretic Approach to Assess the Power Grid Vulnerabilities to Transmission Line Outages. 2022 International Conference on Intelligent Controller and Computing for Smart Power (ICICCSP). :1–6.
The outages and power shortages are common occurrences in today's world and they have a significant economic impact. These failures can be minimized by making the power grid topologically robust. Therefore, the vulnerability assessment in power systems has become a major concern. This paper considers both pure and extended topological method to analyse the vulnerability of the power system to single line failures. The lines are ranked based on four spectral graph metrics: spectral radius, algebraic connectivity, natural connectivity, and effective graph resistance. A correlation is established between all the four metrics. The impact of load uncertainty on the component ranking has been investigated. The vulnerability assessment has been done on IEEE 9-bus system. It is observed that load variation has minor impact on the ranking.
Pani, Samita Rani, Samal, Rajat Kanti.  2022.  Vulnerability Assessment of Power System Under N-1 Contingency Conditions. 2022 Second International Conference on Power, Control and Computing Technologies (ICPC2T). :1–4.
Despite the fact that the power grid is typically regarded as a relatively stable system, outages and electricity shortages are common occurrences. Grid security is mainly dependent on accurate vulnerability assessment. The vulnerability can be assessed in terms of topology-based metrics and flow-based metrics. In this work, power flow analysis is used to calculate the metrics under single line contingency (N-1) conditions. The effect of load uncertainty on system vulnerability is checked. The IEEE 30 bus power network has been used for the case study. It has been found that the variation in load demand affects the system vulnerability.
Peng, Jiang, Jiang, Wendong, Jiang, Hong, Ge, Huangxu, Gong, Peilin, Luo, Lingen.  2022.  Stochastic Vulnerability Analysis methodology for Power Transmission Network Considering Wind Generation. 2022 Power System and Green Energy Conference (PSGEC). :85–90.
This paper proposes a power network vulnerability analysis method based on topological approach considering of uncertainties from high-penetrated wind generations. In order to assess the influence of the impact of wind generation owing to its variable wind speed etc., the Quasi Monte Carlo based probabilistic load flow is adopted and performed. On the other hand, an extended stochastic topological vulnerability method involving Complex Network theory with probabilistic load flow is proposed. Corresponding metrics, namely stochastic electrical betweenness and stochastic net-ability are proposed respectively and applied to analyze the vulnerability of power network with wind generations. The case study of CIGRE medium voltage benchmark network is performed for illustration and evaluation. Furthermore, a cascading failures model considering the stochastic metrics is also developed to verify the effectiveness of proposed methodology.
2023-02-02
Utture, Akshay, Palsberg, Jens.  2022.  Fast and Precise Application Code Analysis using a Partial Library. 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE). :934–945.
Long analysis times are a key bottleneck for the widespread adoption of whole-program static analysis tools. Fortunately, however, a user is often only interested in finding errors in the application code, which constitutes a small fraction of the whole program. Current application-focused analysis tools overapproximate the effect of the library and hence reduce the precision of the analysis results. However, empirical studies have shown that users have high expectations on precision and will ignore tool results that don't meet these expectations. In this paper, we introduce the first tool QueryMax that significantly speeds up an application code analysis without dropping any precision. QueryMax acts as a pre-processor to an existing analysis tool to select a partial library that is most relevant to the analysis queries in the application code. The selected partial library plus the application is given as input to the existing static analysis tool, with the remaining library pointers treated as the bottom element in the abstract domain. This achieves a significant speedup over a whole-program analysis, at the cost of a few lost errors, and with no loss in precision. We instantiate and run experiments on QueryMax for a cast-check analysis and a null-pointer analysis. For a particular configuration, QueryMax enables these two analyses to achieve, relative to a whole-program analysis, an average recall of 87%, a precision of 100% and a geometric mean speedup of 10x.
Chiari, Michele, De Pascalis, Michele, Pradella, Matteo.  2022.  Static Analysis of Infrastructure as Code: a Survey. 2022 IEEE 19th International Conference on Software Architecture Companion (ICSA-C). :218–225.
The increasing use of Infrastructure as Code (IaC) in DevOps leads to benefits in speed and reliability of deployment operation, but extends to infrastructure challenges typical of software systems. IaC scripts can contain defects that result in security and reliability issues in the deployed infrastructure: techniques for detecting and preventing them are needed. We analyze and survey the current state of research in this respect by conducting a literature review on static analysis techniques for IaC. We describe analysis techniques, defect categories and platforms targeted by tools in the literature.
Pujar, Saurabh, Zheng, Yunhui, Buratti, Luca, Lewis, Burn, Morari, Alessandro, Laredo, Jim, Postlethwait, Kevin, Görn, Christoph.  2022.  Varangian: A Git Bot for Augmented Static Analysis. 2022 IEEE/ACM 19th International Conference on Mining Software Repositories (MSR). :766–767.

The complexity and scale of modern software programs often lead to overlooked programming errors and security vulnerabilities. Developers often rely on automatic tools, like static analysis tools, to look for bugs and vulnerabilities. Static analysis tools are widely used because they can understand nontrivial program behaviors, scale to millions of lines of code, and detect subtle bugs. However, they are known to generate an excess of false alarms which hinder their utilization as it is counterproductive for developers to go through a long list of reported issues, only to find a few true positives. One of the ways proposed to suppress false positives is to use machine learning to identify them. However, training machine learning models requires good quality labeled datasets. For this purpose, we developed D2A [3], a differential analysis based approach that uses the commit history of a code repository to create a labeled dataset of Infer [2] static analysis output.

2023-01-20
Wang, Wei, Yao, Jiming, Shao, Weiping, Xu, Yangzhou, Peng, Shaowu.  2022.  Efficient 5G Network Slicing Selection with Privacy in Smart Grid. 2022 IEEE 10th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). 10:916–922.
To fulfill different requirements from various services, the smart grid typically uses 5G network slicing technique for splitting the physical network into multiple virtual logical networks. By doing so, end users in smart grid can select appropriate slice that is suitable for their services. Privacy has vital significance in network slicing selection, since both the end user and the network entities are afraid that their sensitive slicing features are leaked to an adversary. At the same time, in the smart grid, there are many low-power users who are not suitable for complex security schemes. Therefore, both security and efficiency are basic requirements for 5G slicing selection schemes. Considering both security and efficiency, we propose a 5G slicing selection security scheme based on matching degree estimation, called SS-MDE. In SS-MDE, a set of random numbers is used to hide the feature information of the end user and the AMF which can provide privacy protection for exchanged slicing features. Moreover, the best matching slice is selected by calculating the Euclid distance between two slices. Since the algorithms used in SS-MDE include only several simple mathematical operations, which are quite lightweight, SS-MDE can achieve high efficiency. At the same time, since third-party attackers cannot extract the slicing information, SS-MDE can fulfill security requirements. Experimental results show that the proposed scheme is feasible in real world applications.
Chinthavali, Supriya, Hasan, S.M.Shamimul, Yoginath, Srikanth, Xu, Haowen, Nugent, Phil, Jones, Terry, Engebretsen, Cozmo, Olatt, Joseph, Tansakul, Varisara, Christopher, Carter et al.  2022.  An Alternative Timing and Synchronization Approach for Situational Awareness and Predictive Analytics. 2022 IEEE 23rd International Conference on Information Reuse and Integration for Data Science (IRI). :172–177.

Accurate and synchronized timing information is required by power system operators for controlling the grid infrastructure (relays, Phasor Measurement Units (PMUs), etc.) and determining asset positions. Satellite-based global positioning system (GPS) is the primary source of timing information. However, GPS disruptions today (both intentional and unintentional) can significantly compromise the reliability and security of our electric grids. A robust alternate source for accurate timing is critical to serve both as a deterrent against malicious attacks and as a redundant system in enhancing the resilience against extreme events that could disrupt the GPS network. To achieve this, we rely on the highly accurate, terrestrial atomic clock-based network for alternative timing and synchronization. In this paper, we discuss an experimental setup for an alternative timing approach. The data obtained from this experimental setup is continuously monitored and analyzed using various time deviation metrics. We also use these metrics to compute deviations of our clock with respect to the National Institute of Standards and Technology's (NIST) GPS data. The results obtained from these metric computations are elaborately discussed. Finally, we discuss the integration of the procedures involved, like real-time data ingestion, metric computation, and result visualization, in a novel microservices-based architecture for situational awareness.

Ender, Maik, Leander, Gregor, Moradi, Amir, Paar, Christof.  2022.  A Cautionary Note on Protecting Xilinx’ UltraScale(+) Bitstream Encryption and Authentication Engine. 2022 IEEE 30th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM). :1–9.
FPGA bitstream protection schemes are often the first line of defense for secure hardware designs. In general, breaking the bitstream encryption would enable attackers to subvert the confidentiality and infringe on the IP. Or breaking the authenticity enables manipulating the design, e.g., inserting hardware Trojans. Since FPGAs see widespread use in our interconnected world, such attacks can lead to severe damages, including physical harm. Recently we [1] presented a surprising attack — Starbleed — on Xilinx 7-Series FPGAs, tricking an FPGA into acting as a decryption oracle. For their UltraScale(+) series, Xilinx independently upgraded the security features to AES-GCM, RSA signatures, and a periodic GHASH-based checksum to validate the bitstream during decryption. Hence, UltraScale(+) devices were considered not affected by Starbleed-like attacks [2], [1]. We identified novel security weaknesses in Xilinx UltraScale(+) FPGAs if configured outside recommended settings. In particular, we present four attacks in this situation: two attacks on the AES encryption and novel GHASH-based checksum and two authentication downgrade attacks. As a major contribution, we show that the Starbleed attack is still possible within the UltraScale(+) series by developing an attack against the GHASH-based checksum. After describing and analyzing the attacks, we list the subtle configuration changes which can lead to security vulnerabilities and secure configurations not affected by our attacks. As Xilinx only recommends configurations not affected by our attacks, users should be largely secure. However, it is not unlikely that users employ settings outside the recommendations, given the rather large number of configuration options and the fact that Security Misconfiguration is among the leading top 10 OWASP security issues. We note that these security weaknesses shown in this paper had been unknown before.
Park, Jee-Tae, Baek, Ui-Jun, Kim, Myung-Sup, Lee, Min-Seong, Shin, Chang-Yui.  2022.  Rule-based User Behavior Detection System for SaaS Application. 2022 23rd Asia-Pacific Network Operations and Management Symposium (APNOMS). :1–4.
SaaS is a cloud-based application service that allows users to use applications that work in a cloud environment. SaaS is a subscription type, and the service expenditure varies depending on the license, the number of users, and duration of use. For efficient network management, security and cost management, accurate detection of user behavior for SaaS applications is required. In this paper, we propose a rule-based traffic analysis method for the user behavior detection. We conduct comparative experiments with signature-based method by using the real SaaS application and demonstrate the validity of the proposed method.
Paudel, Amrit, Sampath, Mohasha, Yang, Jiawei, Gooi, Hoay Beng.  2022.  Peer-to-Peer Energy Trading in Smart Grid Considering Power Losses and Network Fees. 2022 IEEE Power & Energy Society General Meeting (PESGM). :1–1.

Peer-to-peer (P2P) energy trading is one of the promising approaches for implementing decentralized electricity market paradigms. In the P2P trading, each actor negotiates directly with a set of trading partners. Since the physical network or grid is used for energy transfer, power losses are inevitable, and grid-related costs always occur during the P2P trading. A proper market clearing mechanism is required for the P2P energy trading between different producers and consumers. This paper proposes a decentralized market clearing mechanism for the P2P energy trading considering the privacy of the agents, power losses as well as the utilization fees for using the third party owned network. Grid-related costs in the P2P energy trading are considered by calculating the network utilization fees using an electrical distance approach. The simulation results are presented to verify the effectiveness of the proposed decentralized approach for market clearing in P2P energy trading.

Pradyumna, Achhi, Kuthadi, Sai Madhav, Kumar, A. Ananda, Karuppiah, N..  2022.  IoT Based Smart Grid Communication with Transmission Line Fault Identification. 2022 International Conference on Intelligent Controller and Computing for Smart Power (ICICCSP). :1–5.
The electrical grid connects all the generating stations to supply uninterruptible power to the consumers. With the advent of technology, smart sensors and communication are integrated with the existing grid to behave like a smart system. This smart grid is a two-way communication that connects the consumers and producers. It is a connected smart network that integrates electricity generation, transmission, substation, distribution, etc. In this smart grid, clean, reliable power with a high-efficiency rate of transmission is available. In this paper, a highly efficient smart management system of a smart grid with overall protection is proposed. This management system checks and monitors the parameters periodically. This future technology also develops a smart transformer with ac and dc compatibility, for self-protection and for the healing process.
2023-01-13
Purdy, Ruben, Duvalsaint, Danielle, Blanton, R. D. Shawn.  2022.  Security Metrics for Logic Circuits. 2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :53–56.
Any type of engineered design requires metrics for trading off both desirable and undesirable properties. For integrated circuits, typical properties include circuit size, performance, power, etc., where for example, performance is a desirable property and power consumption is not. Security metrics, on the other hand, are extremely difficult to develop because there are active adversaries that intend to compromise the protected circuitry. This implies metric values may not be static quantities, but instead are measures that degrade depending on attack effectiveness. In order to deal with this dynamic aspect of a security metric, a general attack model is proposed that enables the effectiveness of various security approaches to be directly compared in the context of an attack. Here, we describe, define and demonstrate that the metrics presented are both meaningful and measurable.
Peng, Chunying, Xu, Haixia, Li, Peili.  2022.  Redactable Blockchain Using Lattice-based Chameleon Hash Function. 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS). :94–98.
Blockchain as a tamper-proof, non-modifiable and traceable distributed ledger technology has received extensive attention. Although blockchain's immutability provides security guarantee, it prevents the development of new blockchain technology. As we think, there are several arguments to prefer a controlled modifiable blockchain, from the possibility to cancel the transaction and necessity to remove the illicit or harmful documents, to the ability to support the scalability of blockchain. Meanwhile, the rapid development of quantum technology has made the establishment of post-quantum cryptosystems an urgent need. In this paper, we put forward the first lattice-based redactable consortium blockchain scheme that makes it possible to rewrite or repeal the content of any blocks. Our approach uses a consensus-based election and lattice-based chameleon hash function (Cash and Hofheinz etc. EUROCRYPT 2010). With knowledge of secret trapdoor, the participant could find the hash collisions efficiently. And each member of the consortium blockchain has the right to edit the history.