Biblio

Internet of Things is nowadays growing faster than ever before. Operators are planning or already creating dedicated networks for this type of devices. There is a need to create dedicated solutions for this type of network, especially solutions related to information security. In this article we present a mechanism of security-aware routing, which takes into account the evaluation of trust in devices and packet flows. We use trust relationships between flows and network nodes to create secure SDN paths, not ignoring also QoS and energy criteria. The system uses SDN infrastructure, enriched with Cognitive Packet Networks (CPN) mechanisms. Routing decisions are made by Random Neural Networks, trained with data fetched with Cognitive Packets. The proposed network architecture, implementing the security-by-design concept, was designed and is being implemented within the SerIoT project to demonstrate secure networks for the Internet of Things (IoT).

Phishing attacks continue to be one of the most common attack vectors used online today to deceive users, such that attackers can obtain unauthorised access or steal sensitive information. Phishing campaigns often vary in their level of sophistication, from mass distribution of generic content, such as delivery notifications, online purchase orders, and claims of winning the lottery, through to bespoke and highly-personalised messages that convincingly impersonate genuine communications (e.g., spearphishing attacks). There is a distinct trade-off here between the scale of an attack versus the effort required to curate content that is likely to convince an individual to carry out an action (typically, clicking a malicious hyperlink). In this short paper, we conduct a preliminary study on a recent realworld incident that strikes a balance between attacking at scale and personalised content. We adopt different visualisation tools and techniques for better assessing the scale and impact of the attack, that can be used both by security professionals to analyse the security incident, but could also be used to inform employees as a form of security awareness and training. We pitched the approach to IT professionals working in information security, who believe this may provide improved awareness of how targeted phishing campaigns can impact an organisation, and could contribute towards a pro-active step of how analysts will examine and mitigate the impact of future attacks across the organisation.

Operators of cyber-physical systems (CPSs) need to maintain awareness of the cyber situation in order to be able to adequately address potential issues in a timely manner. For instance, detecting early symptoms of cyber attacks may speed up the incident response process and mitigate consequences of attacks (e.g., business interruption, safety hazards). However, attaining a full understanding of the cyber situation may be challenging, given the complexity of CPSs and the ever-changing threat landscape. In particular, CPSs typically need to be continuously operational, may be sensitive to active scanning, and often provide only limited in-depth analysis capabilities. To address these challenges, we propose to utilize the concept of digital twins for enhancing cyber situational awareness. Digital twins, i.e., virtual replicas of systems, can run in parallel to their physical counterparts and allow deep inspection of their behavior without the risk of disrupting operational technology services. This paper reports our work in progress to develop a cyber situational awareness framework based on digital twins that provides a profound, holistic, and current view on the cyber situation that CPSs are in. More specifically, we present a prototype that provides real-time visualization features (i.e., system topology, program variables of devices) and enables a thorough, repeatable investigation process on a logic and network level. A brief explanation of technological use cases and outlook on future development efforts completes this work.

Nowadays, IoT has crossed all borders and become ubiquitous in everyday life. This emerging technology has a huge success in closing the gap between the digital and the real world. However, security and privacy become huge concerns especially in the medical field which prevent the healthcare industry from adopting it despite its benefits and potentials. This paper focuses on identifying potential security threats to the IoMT and presents the security mechanisms to remove any possible impediment from immune information security of IoMT. A summarized framework of the layered-security model is proposed followed by a specific assessment review of each layer.

this paper first analyses the new challenges of power information network management, difficulties of the power information network resource survey and vulnerability detection are proposed. Then, a linkage model of network resource survey and vulnerability detection is designed, and the framework of three modules in the model is described, meanwhile the process of network resources survey and vulnerability detection linkage is proposed. Finally, the implementation technologies are given corresponding to the main functions of each module.

In order to improve the information security level of intelligent substation, this paper proposes an intelligent substation information security assessment tool through the research and analysis of intelligent substation information security risk and information security assessment method, and proves that the tool can effectively detect it. It is of great significance to carry out research on industrial control systems, especially intelligent substation information security.

The security of an organization lies not only in physical buildings, but also in its information assets. Safeguarding information assets requires further study to establish optimal security mitigation steps. In determining the appropriate mitigation of information assets, both an information security risk assessment and a clear and measurable rating are required. Most risk management methods do not provide the right focus on ranking the critical information assets of an organization. This paper proposes a framework approach for ranking critical information assets. The proposed framework uses the OCTAVE Allegro method, which focuses on profiling information assets by combining ranking priority measurements using decision support system methods, such as Simple Additive Weighting (SAW) and Analytic Hierarchy Process (AHP). The combined OCTAVE Allegro-SAW and OCTAVE Allegro-AHP methods are expected to better address risk priority as an input to making mitigation decisions for critical information assets. These combinations will help management to avoid missteps in adjusting budget needs allocation or time duration by selecting asset information mitigation using the ranking results of the framework.

In this study, the enactment of information security risk management by novice practitioners is studied by applying an analytical lens of security-related stress. Two organisations were targeted in the study using a case study approach to obtain data about their practices. The study identifies stressors and stress inhibitors in the ISRM process and the supporting ISRM tools and discusses the implications for practitioners. For example, a mismatch between security standards and how they are interpreted in practice has been identified. This mismatch was further found to be strengthened by the design of the used ISRM tools. Those design shortcomings hamper agility since they may enforce a specific workflow or may restrict documentation. The study concludes that security-related stress can provide additional insight into security-novice practitioners' ISRM challenges.

The endeavor to achieving software security consists of a set of risk-based security engineering processes during software development. In iterative software development, the software design typically evolves as the project matures, and the technical environment may undergo considerable changes. This increases the work load of identifying, assessing and managing the security risk by each iteration, and after every change. Besides security risk, the changes also accumulate technical debt, an allegory for postponed or sub-optimally performed work. To manage the security risk in software development efficiently, and in terms and definitions familiar to software development organizations, the concept of technical debt is extended to contain security debt. To accommodate new technical debt with potential security implications, a security debt management approach is introduced. The selected approach is an extension to portfolio-based technical debt management framework. This includes identifying security risk in technical debt, and also provides means to expose debt by security engineering techniques that would otherwise remained hidden. The proposed approach includes risk-based extensions to prioritization mechanisms in existing technical debt management systems. Identification, management and repayment techniques are presented to identify, assess, and mitigate the security debt.

The main information and communication systems (ICS) effectiveness parameters are: reliability, resiliency, network bandwidth, service quality, profitability and cost, malware protection, information security, etc. Most modern ICS refers to multiuser systems, which implement the most promising method of distributing subscribers (users), namely, the code distribution, at which, subscribers are provided with appropriate forms of discrete sequences (signatures). Since in multiuser systems, channels code division is based on signal difference, then the ICS construction and systems performance indicators are determined by the chosen signals properties. Distributed spectrum technology is the promising direction of information security for telecommunication systems. Currently used data generation and processing methods, as well as the broadband signal classes used as a physical data carrier, are not enough for the necessary level of information security (information secrecy, imitation resistance) as well as noise immunity (impedance reception, structural secrecy) of the necessary (for some ICS applications). In this case, discrete sequences (DS) that are based on nonlinear construction rules and have improved correlation, ensemble and structural properties should be used as DS that extend the spectrum (manipulate carrier frequency). In particular, with the use of such signals as the physical carrier of information or synchronization signals, the time expenditures on the disclosure of the signal structure used are increasing and the setting of "optima", in terms of the counteracting station, obstacles becomes problematic. Complex signals obtained on such sequences basis have structural properties, similar to random (pseudorandom) sequences, as well as necessary correlation and ensemble properties. For designing signals for applications applied for measuring delay time, signal detecting, synchronizing stations and etc, side-lobe levels of autocorrelation function (ACF) minimization is essential. In this paper, the problem of optimizing the synthesis of nonlinear discrete sequences, which have improved ensemble, structural and autocorrelation properties, is formulated and solved. The use of nonlinear discrete signals, which are formed on the basis of such sequences, will provide necessary values for impedance protection, structural and information secrecy of ICS operation. Increased requirements for ICS information security, formation and performance data in terms of internal and external threats (influences), determine objectively existing technical and scientific controversy to be solved is goal of this work.The paper presents the results of solving the actual problem of performance indicators improvements for information and communication systems, in particular secrecy, information security and noise immunity with interfering influences, based on the nonlinear discrete cryptographic signals (CS) new classes synthesis with the necessary properties.

Wireless networks offer great flexibility and ease of deployment for the rapid implementation of smart grids. However, these data network technologies are prone to security issues. Especially, the risk of eavesdropping attacks increases due to the inherent characteristics of the wireless medium. In this context, physical layer security can augment secrecy through appropriate coding and signal processing. In this paper we consider the use of faster-than-Nyquist signaling to introduce artificial noise in the wireless network segment of the smart grid; with the aim of reinforce the information security at the physical layer. The results show that the proposed scheme can significantly improves the secrecy rate of the channel. Guaranteeing, in coexistence with other security mechanisms and despite the presence of potential eavesdroppers, a reliable and secure flow of information for smart grids.

The operating system is extremely important for both "Made in China 2025" and ubiquitous electric power Internet of Things. By investigating of five key requirements for ubiquitous electric power Internet of Things at the OS level (performance, ecosystem, information security, functional security, developer framework), this paper introduces the intelligent NARI microkernel Operating System and its innovative schemes. It is implemented with microkernel architecture based on the trusted computing. Some technologies such as process based fine-grained real-time scheduling algorithm, sigma0 efficient message channel and service process binding in multicore are applied to improve system performance. For better ecological expansion, POSIX standard API is compatible, Linux container, embedded virtualization and intelligent interconnection technology are supported. Native process sandbox and mimicry defense are considered for security mechanism design. Multi-level exception handling and multidimensional partition isolation are adopted to provide High Reliability. Theorem-assisted proof tools based on Isabelle/HOL is used to verify the design and implementation of NARI microkernel OS. Developer framework including tools, kit and specification is discussed when developing both system software and user software on this IoT OS.

There has been a growing expansion in the use of steganography, due to the evolution in using internet technology and multimedia technology. Hence, nowadays, the information is not secured sufficiently while transmitting it over the network. Therefore, information security has taken an important role to provide security against unauthorized individuals. This paper proposes steganography and cryptography technique to secure image based on hybrid edge detector. Cryptography technique is used to encrypt a secret image by using Vernam cipher algorithm. The robust of this algorithm is depending on pseudorandom key. Therefore, pseudo-random key is generated from a nonlinear feedback shift register (Geffe Generator). While in steganography, Hybrid Sobel and Kirch edge detector have been applied on the cover image to locate edge pixels. The least significant bit (LSB) steganography technique is used to embed secret image bits in the cover image in which 3 bits are embedded in edge pixel and 2 bits in smooth pixel. The proposed method can be used in multi field such as military, medical, communication, banking, Electronic governance, and so on. This method gives an average payload ratio of 1.96 with 41.5 PSNR on average. Besides, the maximum size of secret image that can be hidden in the cover image of size 512*512 is 262*261. Also, when hiding 64800 bits in baboon cover image of size 512*512, it gives PSNR of 50.42 and MSE of 0.59.

In recent years, cyber attack techniques are increasingly sophisticated, and blocking the attack is more and more difficult, even if a kind of counter measure or another is taken. In order for a successful handling of this situation, it is crucial to have a prediction of cyber attacks, appropriate precautions, and effective utilization of cyber intelligence that enables these actions. Malicious hackers share various kinds of information through particular communities such as the dark web, indicating that a great deal of intelligence exists in cyberspace. This paper focuses on forums on the dark web and proposes an approach to extract forums which include important information or intelligence from huge amounts of forums and identify traits of each forum using methodologies such as machine learning, natural language processing and so on. This approach will allow us to grasp the emerging threats in cyberspace and take appropriate measures against malicious activities.

Nowadays, the industrial control systems (ICS) face many challenges, where security is becoming one of the most crucial. This fact is caused by new connected environment, which brings among new possibilities also new vulnerabilities, threats, or possible attacks. The criminal acts in the ICS area increased over the past years exponentially, which caused the loss of billions of dollars. This also caused classical Intrusion Detection Systems and Intrusion Prevention Systems to evolve in order to protect among IT also ICS networks. However, these systems need sufficient data such as traffic logs, protocol information, attack patterns, anomaly behavior marks and many others. To provide such data, the requirements for the test environment are summarized in this paper. Moreover, we also introduce more than twenty common vulnerabilities across the ICS together with information about possible risk, attack vector (point), possible detection methods and communication layer occurrence. Therefore, the paper might be used as a base-ground for building sufficient data generator for machine learning and artificial intelligence algorithms often used in ICS/IDS systems.

The internet paradigm was designed to forward packets from host-to-host. But nowadays the focal point has moved to data. The Internet Centric Network (ICN) provides architectures to meet this requirement. The Content Centric Network (CCN) is the most widely used ICN architecture. Information Centric Network's ability to perform in-network caching lead to faster retrieval of data on subsequent request. Although latency is solved, caching in a router makes it vulnerable to attacks that focus on the cache. One such attack is content poisoning, that will fill the router with poisoned content making the end user difficult to retrieve original valid data. In this paper, we propose a solution to mitigate content poisoning attack that will consume minimum time and require minimal storage overhead during the verification process.

The task of the insider threat detection is one of the most sophisticated problems of the information security. The analysis of the logs of the access control system may reveal on how employees move and interact providing thus better understanding on how personnel observe security policies and established business processes. The paper presents an approach to the detection of the location-centric employees' interaction patterns. The authors propose the formal definition of the interaction patterns and present the visualization-driven technique to the extraction of the patterns from the data when any prior information about existing interaction routine and procedures is not available. The proposed approach is demonstrated on the data set provided within VAST MiniChallenge-2 2016 contest.

In today's interconnected world, universities recognize the importance of protecting their information assets from internal and external threats. Being the possible insider threats to Information Security, employees are often coined as the weakest link. Both employees and organizations should be aware of this raising challenge. Understanding staff perception of compliance behaviour is critical for universities wanting to leverage their staff capabilities to mitigate Information Security risks. Therefore, this research seeks to get insights into staff perception based on factors adopted from several theories by using proposed constructs i.e. "perceived" practices/policies and "perceived" intention to comply. Drawing from the General Deterrence Theory, Protection Motivation Theory, Theory of Planned Behaviour and Information Reinforcement, within the context of Palestine universities, this paper integrates staff awareness of Information Security Policies (ISP) countermeasures as antecedents to ``perceived'' influencing factors (perceived sanctions, perceived rewards, perceived coping appraisal, and perceived information reinforcement). The empirical study is designed to follow a quantitative research approaches, use survey as a data collection method and questionnaires as the research instruments. Partial least squares structural equation modelling is used to inspect the reliability and validity of the measurement model and hypotheses testing for the structural model. The research covers ISP awareness among staff and seeks to assert that information security is the responsibility of all academic and administrative staff from all departments. Overall, our pilot study findings seem promising, and we found strong support for our theoretical model.

The constant changing of technologies have brought to critical infrastructure organisations numerous information security threats such as insider threat. Critical infrastructure organisations have difficulties to early detect and capture the possible vital signs of insider threats due sometimes to lack of effective methodologies or frameworks. It is from this viewpoint that, this paper proposes a symptomatic insider threat risk assessments framework known as Insider Threat Framework for Namibia Critical Infrastructure Organization (ITFNACIO), aimed to predict the probable signs of insider threat based on Symptomatic Analysis (SA), and develop a prototype as a proof of concept. A case study was successfully used to validate and implement the proposed framework; hence, qualitative methodology was employed throughout the whole research process where two (2) insider threats were captured. The proposed insider threat framework can be further developed in multiple cases and a more automated system able to trigger an early warning system of possible insider threat events.

As cloud services enter the Internet market, cloud security issues are gradually exposed. In the era of knowledge economy, the unique potential value of big data is being gradually explored. However, the control of data security is facing many challenges. According to the development status and characteristics of database within the cloud environment, this paper preliminary studies on the database security risks faced by the “three-clouds” of State Grid Corporation of China. Based on the mature standardization of information security, this paper deeply studies the database security requirements of cloud environment, and six-step method for cloud database protection is presented, which plays an important role in promoting development of security work for the cloud database. Four key technologies of cloud database security protection are introduced, including database firewall technology, sensitive data encryption, production data desensitization, and database security audit technology. It is helpful to the technology popularization of the grade protection in the security of the cloud database, and plays a great role in the construction of the security of the state grid.

Proposed an approach for information security breaches detection in distributed control systems based on prediction of multidimensional time series formed of sensor and actuator data.

Information security has become a major challenge in data transmission. Data transmitted through the network is vulnerable to many passive and active attacks. Cryptographic algorithms provide security against the data intruders and provide secure network communication. In this method, two algorithms TEA and DNA are combined to form a new algorithm called DETD (Double Encryption using TEA and DNA). The algorithm mainly deals with encryption and decryption time of a given input text. Here, both the encryption and decryption time are compared with the other two algorithms and the results are recorded. This algorithm also aims to provide data security by increasing the levels of encryption.

Information security is winding up noticeably more vital in information stockpiling and transmission. Images are generally utilised for various purposes. As a result, the protection of image from the unauthorised client is critical. Established encryption techniques are not ready to give a secure framework. To defeat this, image encryption is finished through DNA encoding which is additionally included with confused 1D and 2D logistic maps. The key communication is done through the quantum channel using the BB84 protocol. To recover the encrypted image DNA decoding is performed. Since DNA encryption is invertible, decoding can be effectively done through DNA subtraction. It decreases the complexity and furthermore gives more strength when contrasted with traditional encryption plans. The enhanced strength of the framework is measured utilising measurements like NPCR, UACI, Correlation and Entropy.

The information security of urban rail transit system faces great challenges. As a subsystem of the subway, BAS is short for Building Automation System, which is used to monitor and manage subway equipment and environment, also facing the same problem. Based on the characteristics of BAS, this paper designed a targeted intrusion detection expert system. This paper focuses on the design of knowledge base and the inference engine of intrusion detection system based on expert system. This study laid the foundation for the research on information security of the entire rail transit system.

The Internet of Things (IoT) vulnerabilities provides an ideal target for botnets, making them a major contributor in the increased number of Distributed Denial of Service (DDoS) attacks. The increase in DDoS attacks has made it important to address the consequences it implies on the IoT industry being one of the major causes. The aim of this paper is to provide an analysis of the attempts to prevent DDoS attacks, mainly at a network level. The sensibility of these solutions is extracted from their impact in resolving IoT vulnerabilities. It is evident from this review that there is no perfect solution yet for IoT security, this field still has many opportunities for research and development.