Biblio

Campus Companies and network operators perform risk assessment to inform policy-making, guide infrastructure investments or to comply with security standards such as ISO 27001. Due to the size and complexity of these networks, risk assessment techniques such as attack graphs or trees describe the attacker with a finite set of rules. This characterization of the attacker can easily miss attack vectors or overstate them, potentially leading to incorrect risk estimation. In this work, we propose the first methodology to justify a rule-based attacker model. Conceptually, we add another layer of abstraction on top of the symbolic model of cryptography, which reasons about protocols and abstracts cryptographic primitives. This new layer reasons about Internet-scale networks and abstracts protocols.We show, in general, how the soundness and completeness of a rule-based model can be ensured by verifying trace properties, linking soundness to safety properties and completeness to liveness properties. We then demonstrate the approach for a recently proposed threat model that quantifies the confidentiality of email communication on the Internet, including DNS, DNSSEC, and SMTP. Using off-the-shelf protocol verification tools, we discover two flaws in their threat model. After fixing them, we show that it provides symbolic soundness.

Blockchain technology (BCT) has paved a way for new potentials of handling serious data privacy, integrity and security issues in healthcare. To curb the increasing challenges in healthcare industry, healthcare organizations need to apply blockchain technology to better improve patient safety and protect patients records from counterfeiting and fraud. The purpose of this research paper was to define BCT can assist in improving pharmaceutical industries in Saudi Arabia upon utilization of its application. This study adopted quantitative methods to gather the study data. Based on healthcare leaders perception and Internet connection, lack of cooperation, and economic inequality were found to be leading factors hindering the application of blockchain technology in the pharmaceutical industries, Saudi Arabia. Factors facilitating the application of blockchain technology in the pharmaceutical industries, Saudi Arabia were found as system robustness of BCT, increased data safety and decentralization, need for enhanced supply chain management and interoperability, and government laws and policies. Adopting interventions that are targeted to specific patient population medications, effective delivery systems, transit provider reimbursement far from intensity and volume of services towards value and quality was found to compromise the pre-existent challenges and real capacity in healthcare system. Although the relationship between implementation of blockchain technology and cost spending is negative in the short-term, in the long run, the relationship is positive Blockchain helps in managing multiple levels in a more secure way, reduces paper work and amplifies verification inefficiency.

Multicore processors are currently the focus of new and future critical-system architectures. However, they introduce new problems in regards to safety and security requirements. Real-time control flow monitoring techniques were proposed as solutions to detect the most common types of program errors and security attacks. We propose a new way to use the latest debug and trace architectures to achieve full and isolated real-time control flow monitoring. We present an online trace decoder FPGA component as a solution in the search for scalable and portable monitoring architectures. Our FPGA accelerator achieves real-time CPU monitoring with only 8% of used resources in a Zynq-7000 FPGA.

The Bitcoin blockchain is managed by an underlying peer-to-peer network. This network is responsible for the propagation of transactions carried out by users via the blocks (which contain the validated transactions), and to ensure consensus between the different nodes. The quality and safety of this network are therefore particularly essential. In this work, we present an open dataset on the peers composing the Bitcoin P2P Network that was made following a well defined and reproducible methodology. We also provide a first analysis of the dataset on three criteria: the number of public nodes and their client version and geographical distribution.

With the tremendous growth of IoT application, providing security to IoT systems has become more critical. In this paper, a technique is presented to ensure the safety of Internet of Things (IoT) devices. This technique ensures hardware and software security of IoT devices. Blockchain technology is used for software security and hardware logics are used for hardware security. For enabling a Blockchain, Ethereum Network is used for secure peer-to-peer transmission. A prototype model is also used using two IoT nodes to demonstrate the security logic.

The inference results of neural network accelerators often involve personal privacy or business secrets in intelligent systems. It is important for the safety of convolutional neural network (CNN) accelerator to prevent the key data and inference result from being leaked. The latest CNN models have started to combine with fully homomorphic encryption (FHE), ensuring the data security. However, the computational complexity, data storage overhead, inference time are significantly increased compared with the traditional neural network models. This paper proposed a lightweight FHE scheme on fully-connected layer for CNN hardware accelerator to achieve security inference, which not only protects the privacy of inference results, but also avoids excessive hardware overhead and great performance degradation. Compared with state-of-the-art works, this work reduces computational complexity by approximately 90% and decreases ciphertext size by 87%∼95%.

Usually on the top of Smart Chip covered with active shielding layer to prevent invasive physical exploration tampering attacks on part of the chip's function modules, to obtain the chip's critical storage data and sensitive information. This paper introduces a design based on UMC55 technology, and applied to the safety chip active shielding layer method for layout design, the layout design from the two aspects of the metal shielding line and shielding layer detecting circuit, using the minimum size advantage and layout design process when the depth of hidden shielding line interface and port order connection method and greatly increased the difficulty of physical attack. The layout design can withstand most of the current FIB physical attack technology, and has been applied to the actual smart card design, and it has important practical significance for the security design and attack of the chip.

In recent years, the Internet-of-Things (IoT)-based traffic management system (ITMS) has attracted the attention of researchers from different fields, such as the automotive industry, academia and traffic management, due to its ability to enhance road safety and improve traffic efficiency. ITMS uses the Vehicle Ad-hoc Network (VANET) to communicate messages about traffic conditions or the event on the route to ensure the safety of the commuter. ITMS uses wireless communication technology for communication between different devices. Wireless communication has challenges to privacy and security. Challenges such as confidentiality, authentication, integrity, non-repudiation, identity, trust are major concerns of either security or privacy or both. This paper discusses the features of the traffic system, the features of the traffic management system (TMS) and the features of IoT that can be used in TMS with its challenges. Further, this paper analyses the work done in the last few years with the future scope of IoT in the TMS.

Rescue robots are expected to soon become commonplace at disaster sites, where they are increasingly being deployed to provide rescuers with improved access and intervention capabilities while mitigating risks. The presence of robots in operation areas, however, is likely to carry a layer of additional ethical complexity to situations that are already ethically challenging. In addition, limited guidance is available for ethically informed, practical decision-making in real-life disaster settings, and specific ethics training programs are lacking. The contribution of this paper is thus to propose a tool aimed at supporting ethics training for rescuers operating with rescue robots. To this end, we have designed an interactive text-based simulation. The simulation was developed in Python, using Tkinter, Python's de-facto standard GUI. It is designed in accordance with the Case-Based Learning approach, a widely used instructional method that has been found to work well for ethics training. The simulation revolves around a case grounded in ethical themes we identified in previous work on ethical issues in rescue robotics: fairness and discrimination, false or excessive expectations, labor replacement, safety, and trust. Here we present the design of the simulation and the results of usability testing.

As multi-robot systems (MRS) are widely used in various tasks such as natural disaster response and social security, people enthusiastically expect an MRS to be ubiquitous that a general user without heavy training can easily operate. However, humans have various preferences on balancing between task performance and safety, imposing different requirements onto MRS control. Failing to comply with preferences makes people feel difficult in operation and decreases human willingness of using an MRS. Therefore, to improve social acceptance as well as performance, there is an urgent need to adjust MRS behaviors according to human preferences before triggering human corrections, which increases cognitive load. In this paper, a novel Meta Preference Learning (MPL) method was developed to enable an MRS to fast adapt to user preferences. MPL based on meta learning mechanism can quickly assess human preferences from limited instructions; then, a neural network based preference model adjusts MRS behaviors for preference adaption. To validate method effectiveness, a task scenario "An MRS searches victims in an earthquake disaster site" was designed; 20 human users were involved to identify preferences as "aggressive", "medium", "reserved"; based on user guidance and domain knowledge, about 20,000 preferences were simulated to cover different operations related to "task quality", "task progress", "robot safety". The effectiveness of MPL in preference adaption was validated by the reduced duration and frequency of human interventions.

The Robot Operation System (ROS) is widely used in academia as well as the industry to build custom robot applications. Successful cyberattacks on robots can result in a loss of control for the legitimate operator and thus have a severe impact on safety if the robot is moving uncontrollably. A high level of security thus needs to be mandatory. Neither ROS 1 nor 2 in their default configuration provide protection against network based attackers. Multiple protection mechanisms have been proposed that can be used to overcome this. Unfortunately, it is unclear how effective and usable each of them are. We provide a structured analysis of the requirements these protection mechanisms need to fulfill by identifying realistic, network based attacker models and using those to derive relevant security requirements and other evaluation criteria. Based on these criteria, we analyze the protection mechanisms available and compare them to each other. We find that none of the existing protection mechanisms fulfill all of the security requirements. For both ROS 1 and 2, we discuss which protection mechanism are most relevant and give hints on how to decide on one. We hope that the requirements we identify simplify the development or enhancement of protection mechanisms that cover all aspects of ROS and that our comparison helps robot operators to choose an adequate protection mechanism for their use case.

Increasingly, the transportation industry has moved towards automation to improve safety, fuel efficiency, and system productivity. However, the increased scrutiny that automated vehicles (AV) face over functional safety has hindered the industry's unbridled confidence in self-driving technologies. As AVs are cyber-physical systems, they utilize distributed control to accomplish a range of safety-critical driving tasks. The Operation Systems (OS) serve as the core of these control systems. Therefore, their designs and implementation must incorporate ways to protect AVs against what must be assumed to be inevitable cyberattacks to meet the overall AV functional safety requirements. This paper investigates the connection between functional safety and cybersecurity in the context of OS. This study finds that risks due to delays can worsen by potential cybersecurity vulnerabilities through a case example of an automated vehicle following. Furthermore, attack surfaces and cybersecurity countermeasures for protecting OSs from security breaches are addressed.

The main threats in complex networks for large-scale information systems using web browsers or service browsers are analyzed. The necessary security features for these types of systems are compared. The advantages of systems developed with service-browser technology are shown.

The digitalization process did not circumvent either railway domain. With new technology and new functionality, such as digital interlocking system, automated train operation, object recognition, GPS positioning, traditional railway domain got a vulnerability that can be exploited. Another issue is usage of CotS (Commercial-of-the-Shelf) hardware and software and openness of traditionally closed system. Most of published similar paper are focused on cyber security and security & safety model for securing of assessment in this kind of domain, but this paper will deal with this upcoming railway technology and digital investigation process in such kind of environment. Digital investigation process will be presented, but not only in ICS and SCADA system, but also in specific, railway environment. Framework for investigation process and for maintaining chain of custody in railway domain will be proposed.

Modern Industrial Automation & Control Systems (IACS) are essential part of the critical infrastructures and services. They are used in health, power, water, and transportation systems, and the impact of cyberattacks on IACS could be severe, resulting, for example, in damage to the environment, public or employee safety or health. Thus, building IACS safe and secure against cyberattacks is extremely important. The attacker model is one of the key elements in risk assessment and other security related information system management tasks. The aim of the study is to specify the attacker's profile based on the analysis of network and system events. The paper presents an approach to the selection of attacker's profile attributes from raw network and system events of the Linux OS. To evaluate the approach the experiments were performed on data collected within the Global CPTC 2019 competition.

In the information age, computer network technology has covered different areas of social life and involved various fields, and artificial intelligence, as an emerging technology with a very rapid development momentum in recent years, is important in promoting the development of computer network systems. This article explains the concept of artificial intelligence technology, describes the problems faced by computer networks, further analyses the advantages of artificial intelligence and the inevitability of application in network technology, and then studies the application of artificial intelligence in computer network technology.

Generally, the defense measures taken against new cyber-attack methods are insufficient for cybersecurity risk management. Contrary to classical attack methods, the existence of undiscovered attack types called' zero-day attacks' can invalidate the actions taken. It is possible with honeypot systems to implement new security measures by recording the attacker's behavior. The purpose of the honeypot is to learn about the methods and tools used by the attacker or malicious activity. In particular, it allows us to discover zero-day attack types and develop new defense methods for them. Attackers have made protocols such as SSH (Secure Shell) and Telnet, which are widely used for remote access to devices, primary targets. In this study, SSHTelnet honeypot was established using Cowrie software. Attackers attempted to connect, and attackers record their activity after providing access. These collected attacker log records and files uploaded to the system are published on Github to other researchers1. We shared the observations and analysis results of attacks on SSH and Telnet protocols with honeypot.

Electromagnetic (EM) radiation is an inherent phenomenon in the operation of electronic information equipment. The side-channel attack, malicious hardware and software implantation attack by using the EM radiation are implemented to steal information. This form of attacks can be used in air-gap information equipment, which bring great danger for information security. The malicious implantation hidden in circuits are difficult to detect. How to detect the implantation is a challenging problem. In this paper, a malicious hardware implantation is analyzed. A method that leverages EM signals for Trojan-embedded computer video cable detection is proposed. The method neither needs activating the Trojan nor requires near-field probe approaching at close. It utilizes recognizable patterns in the spectrum of EM to predict potential risks. This paper focuses on the extraction of feature vectors via the empirical mode decomposition (EMD) algorithm. Intrinsic mode functions (IMFs) are analyzed and selected to be eigenvectors. Using a common classification technique, we can achieve both effective and reliable detection results.

Cyber-physical systems, which are ubiquitous in modern critical infrastructure, oftentimes rely on sending actuation commands and sensor measurements over a network, subjecting this information to potential man-in-the-middle attacks. These attacks can take the form of denial of service attacks or integrity attacks. Previous approaches at ensuring the resiliency of the overall control system against these types of attacks have leveraged functional redundancy in the system, including resilient estimation and reconfigurable control. However, these approaches are only able to ensure resiliency up to a particular subset of the actuator commands and sensor measurements being compromised. In contrast, we introduce a resiliency mechanism in this paper that can ensure safety for the overall system when all the actuator commands and sensor measurements are compromised. In addition, this approach does not require the implementation of any detection algorithm. We leverage communication redundancy in the number of pathways across the network to guarantee safety when up to a certain percentage of those pathways are compromised. The conditions under which safety is guaranteed are presented along with the resiliency mechanism itself, and our results are illustrated via simulation.

Attack detection and recovery are fundamental elements for the operation of safe and resilient cyber-physical systems. Most of the literature focuses on attack-detection, while leaving attack-recovery as an open problem. In this paper, we propose novel attack-recovery control for securing cyber-physical systems. Our recovery control consists of new concepts required for a safe response to attacks, which includes the removal of poisoned data, the estimation of the current state, a prediction of the reachable states, and the online design of a new controller to recover the system. The synthesis of such recovery controllers for cyber-physical systems has barely investigated so far. To fill this void, we present a formal method-based approach to online compute a recovery control sequence that steers a system under an ongoing sensor attack from the current state to a target state such that no unsafe state is reachable on the way. The method solves a reach-avoid problem on a Linear Time-Invariant (LTI) model with the consideration of an error bound $ε$ $\geq$ 0. The obtained recovery control is guaranteed to work on the original system if the behavioral difference between the LTI model and the system's plant dynamics is not larger than $ε$. Since a recovery control should be obtained and applied at the runtime of the system, in order to keep its computational time cost as low as possible, our approach firstly builds a linear programming restriction with the accordingly constrained safety and target specifications for the given reach-avoid problem, and then uses a linear programming solver to find a solution. To demonstrate the effectiveness of our method, we provide (a) the comparison to the previous work over 5 system models under 3 sensor attack scenarios: modification, delay, and reply; (b) a scalability analysis based on a scalable model to evaluate the performance of our method on large-scale systems.

Trust is essential in designing autonomous and semiautonomous Robots and Autonomous Systems (RAS), because of the ``No trust, no use'' concept. RAS should provide high quality services, with four key properties that make them trustworthy: they must be (i) robust with regards to any system health related issues, (ii) safe for any matters in their surrounding environments, (iii) secure against any threats from cyber spaces, and (iv) trusted for human-machine interaction. This article thoroughly analyses the challenges in implementing the trustworthy RAS in respects of the four properties, and addresses the power of AI in improving the trustworthiness of RAS. While we focus on the benefits that AI brings to human, we should realize the potential risks that could be caused by AI. This article introduces for the first time the set of key aspects of human-centered AI for RAS, which can serve as a cornerstone for implementing trustworthy RAS by design in the future.

We study the use of Multiform Logical Time, as embodied in Esterel/SyncCharts and Clock Constraint Specification Language (CCSL), for the specification of assume-guarantee constraints providing safe driving rules related to time and space, in the context of Automated Driving Assistance Systems (ADAS). The main novelty lies in the use of logical clocks to represent the epochs of specific area encounters (when particular area trajectories just start overlapping for instance), thereby combining time and space constraints by CCSL to build safe driving rules specification. We propose the safe specification pattern at high-level that provide the required expressiveness for safe driving rules specification. In the pattern, multiform logical time provides the power of parameterization to express safe driving rules, before instantiation in further simulation contexts. We present an efficient way to irregularly update the constraints in the specification due to the context changes, where elements (other cars, road sections, traffic signs) may dynamically enter and exit the scene. In this way, we add constraints for the new elements and remove the constraints related to the disappearing elements rather than rebuild everything. The multi-lane highway scenario is used to illustrate how to irregularly and efficiently update the constraints in the specification while receiving a fresh scene.

In order to develop safety-reliable standards for IoT (Internet of Things) networks, appropriate tools for their verification are needed. Among them there is a group of tools based on automated symbolic analysis. Such a tool is Tamarin software. Its usage for creating formal proofs of security protocols correctness has been presented in this paper using the simple example of an exchange of messages with asynchronous encryption between two agents. This model can be used in sensor networks or IoT e.g. in TLS protocol to provide a mechanism for secure cryptographic key exchange.

DNN models have suffered from adversarial example attacks, which lead to inconsistent prediction results. As opposed to the gradient-based attack, which assumes white-box access to the model by the attacker, we focus on more realistic input perturbations from the real-world and their actual impact on the model robustness without any presence of the attackers. In this work, we promote a standardized framework to quantify the robustness against real-world threats. It is composed of a set of safety properties associated with common violations, a group of metrics to measure the minimal perturbation that causes the offense, and various criteria that reflect different aspects of the model robustness. By revealing comparison results through this framework among 13 pre-trained ImageNet classifiers, three state-of-the-art object detectors, and three cloud-based content moderators, we deliver the status quo of the real-world model robustness. Beyond that, we provide robustness benchmarking datasets for the community.

This paper presents an introduction to functional safety through ISO 26262 focusing on system, software and hardware possible failures that bring security threats and discussion on DO 254. It discusses the approach to bridge the gap between different other hazard level and system ability to identify the particular fault and resolve it minimum time span possible. Results are analyzed by designing models to check and avoid all the failures, loophole prior development.