Biblio

Recently, Mobile Edge Cloud computing (MEC) has attracted attention both from academia and industry. The idea of moving a part of cloud resources closer to users and data sources can bring many advantages in terms of speed, data traffic, security and context-aware services. The MEC infrastructure does not only host and serves applications next to the end-users, but services can be dynamically migrated and reallocated as mobile users move in order to guarantee latency and performance constraints. This specific requirement calls for the involvement and collaboration of multiple MEC providers, which raises a major issue related to trustworthiness. Two main challenges need to be addressed: i) trustworthiness needs to be handled in a manner that does not affect latency or performance, ii) trustworthiness is considered in different dimensions - not only security metrics but also performance and quality metrics in general. In this paper, we propose a trust layer for public MEC infrastructure that handles establishing and updating trust relations among all MEC entities, making the interaction withing a MEC network transparent. First, we define trust attributes affecting the trusted quality of the entire infrastructure and then a methodology with a computation model that combines these trust attribute values. Our experiments showed that the trust model allows us to reduce latency by removing the burden from a single MEC node, while at the same time increase the network trustworthiness.

5G improves previous generations not only in terms of radio access but the whole infrastructure and services paradigm. Automation, dynamism and orchestration are now key features that allow modifying network behaviour, such as Virtual Network Functions (VNFs), and resource allocation reactively and on demand. However, such dynamic ecosystem must pay special attention to security while ensuring that the system actions are trustworthy and reliable. To this aim, this paper introduces the integration of the Manufacturer Usage Description (MUD) standard alongside a Trust and Reputation Manager (TRM) into the INSPIRE-5GPlus framework, enforcing security properties defined by MUD files while the whole infrastructure, virtual and physical, as well as security metrics are continuously audited to compute trust and reputation values. These values are later fed to enhance trustworthiness on the zero-touch decision making such as the ones orchestrating end-to-end security in a closed-loop.

The paper describes a methodology for assessing non-functional requirements, such as trust characteristics for applications running on computationally constrained devices in the Internet of Things. The methodology is demonstrated through an example of a microcontroller-based temperature monitoring system. The concepts of trust and trustworthiness for software and devices of the Internet of Things are complex characteristics for describing the correct and secure operation of such systems and include aspects of operational and information security, reliability, resilience and privacy. Machine learning models, which are increasingly often used for such tasks in recent years, are resource-consuming software implementations. The paper proposes to use a logic circuit model to implement the above algorithms as an additional module for computationally constrained devices for checking the trustworthiness of applications running on them. Such a module could be implemented as a hardware, for example, as an FPGA in order to achieve more effectiveness.

At present, in the face of the huge and complex data in cloud computing, the parallel computing ability of quantum computing is particularly important. Quantum principal component analysis algorithm is used as a method of quantum state tomography. We perform feature extraction on the eigenvalue matrix of the density matrix after feature decomposition to achieve dimensionality reduction, proposed quantum principal component extraction algorithm (QPCE). Compared with the classic algorithm, this algorithm achieves an exponential speedup under certain conditions. The specific realization of the quantum circuit is given. And considering the limited computing power of the client, we propose a quantum homomorphic ciphertext dimension reduction scheme (QHEDR), the client can encrypt the quantum data and upload it to the cloud for computing. And through the quantum homomorphic encryption scheme to ensure security. After the calculation is completed, the client updates the key locally and decrypts the ciphertext result. We have implemented a quantum ciphertext dimensionality reduction scheme implemented in the quantum cloud, which does not require interaction and ensures safety. In addition, we have carried out experimental verification on the QPCE algorithm on IBM's real computing platform. Experimental results show that the algorithm can perform ciphertext dimension reduction safely and effectively.

Cyber resilience has become a strategic point of information security in recent years. In the face of complex attack means and severe internal and external threats, it is difficult to achieve 100% protection against information systems. It is necessary to enhance the continuous service of information systems based on network resiliency and take appropriate compensation measures in case of protection failure, to ensure that the mission can still be achieved under attack. This paper combs the definition, cycle, and state of cyber resilience, and interprets the cyber resiliency engineering framework, to better understand cyber resilience. In addition, we also discuss the evolution of security architecture and analyze the impact of cyber resiliency on security architecture. Finally, the strategies and schemes of enhancing cyber resilience represented by zero trust and endogenous security are discussed.

Though intrusion detection systems provide actionable alerts based on signature-based or anomaly-based traffic patterns, the majority of systems still rely on human analysts to identify and contain the root cause of security incidents. This process is naturally susceptible to human error and is time-consuming, which may allow for further enumeration and pivoting within a compromised environment. Through this paper, we have augmented traditional signature-based network intrusion detection systems with a trust framework whose reduction and redemption values are a function of the severity of the incident, the degree of connectivity of nodes and the time elapsed. A lightweight implementation on the nodes coupled with a multithreaded approach on the central trust server has shown the capability to scale to larger networks with high traffic volumes and a varying proportion of suspicious traffic patterns.

Trust is an important emerging area of study in human-robot cooperation. Many studies have begun to look at the issue of robot (agent) capability as a predictor of human trust in the robot. However, the assumption that agent capability is the sole predictor of human trust could underestimate the complexity of the problem. This study aims to investigate the effects of agent-strategy and agent-capability in a visual search task. Fourteen subjects were recruited to partake in a web-based grid search task. They were each paired with a series of autonomous agents to search an on-screen grid to find a number of outlier objects as quickly as possible. Both the human and agent searched the grid concurrently and the human was able to see the movement of the agent. Each trial, a different autonomous agent with its assigned capability, used one of three search strategies to assist their human counterpart. After each trial, the autonomous agent reported the number of outliers it found, and the human subject was asked to determine the total number of outliers in the area. Some autonomous agents reported only a fraction of the outliers they encountered, thus coding a varying level of agent capability. Human subjects then evaluated statements related to the behavior, reliability, and trust of the agent. The results showed increased measures of trust and reliability with increasing capability. Additionally, the most legible search strategies received the highest average ratings in a measure of familiarity. Remarkably, given no prior information about capabilities or strategies that they would see, subjects were able to determine consistent trustworthiness of the agent. Furthermore, both capability and strategy of the agent had statistically significant effects on the human’s trust in the agent.

In this paper, we propose a novel protocol to represent the human factor on a blockchain environment. Our approach allows single or groups of humans to propose data in blocks which cannot be validated automatically but need human knowledge and collaboration to be validated. Only if human-based consensus on the correctness and trustworthiness of the data is reached, the new block is appended to the blockchain. This human approach significantly extends the possibilities of blockchain applications on data types apart from financial transaction data.

In human-machine systems (HMS), trust placed by humans on machines is a complex concept and attracts increasingly research efforts. Herein, we reviewed recent studies on building and measuring trust in HMS. The review was based on one comprehensive model of trust – IMPACTS, which has 7 features of intention, measurability, performance, adaptivity, communication, transparency, and security. The review found that, in the past 5 years, HMS fulfill the features of intention, measurability, communication, and transparency. Most of the HMS consider the feature of performance. However, all of the HMS address rarely the feature of adaptivity and neglect the feature of security due to using stand-alone simulations. These findings indicate that future work considering the features of adaptivity and/or security is imperative to foster human trust in HMS.

Trust in autonomous teammates has been shown to be a key factor in human-autonomy team (HAT) performance, and anthropomorphism is a closely related construct that is underexplored in HAT literature. This study investigates whether perceived anthropomorphism can be measured from team communication behaviors in a simulated remotely piloted aircraft system task environment, in which two humans in unique roles were asked to team with a synthetic (i.e., autonomous) pilot agent. We compared verbal and self-reported measures of anthropomorphism with team error handling performance and trust in the synthetic pilot. Results for this study show that trends in verbal anthropomorphism follow the same patterns expected from self-reported measures of anthropomorphism, with respect to fluctuations in trust resulting from autonomy failures.

The advancement of AI enables the evolution of machines from relatively simple automation to completely autonomous systems that augment human capabilities with improved quality and productivity in work and life. The singularity is near! However, humans are still vulnerable. The COVID-19 pandemic reminds us of our limited knowledge about nature. The recent accidents involving Boeing 737 Max passengers ring the alarm again about the potential risks when using human-autonomy symbiosis technologies. A key challenge of safe and effective human-autonomy teaming is enabling “trust” between the human-machine team. It is even more challenging when we are facing insufficient data, incomplete information, indeterministic conditions, and inexhaustive solutions for uncertain actions. This calls for the imperative needs of appropriate design guidance and scientific methodologies for developing safety-critical autonomous systems and AI functions. The question is how to build and maintain a safe, effective, and trusted partnership between humans and autonomous systems. This talk discusses a context-based and interaction-centred design (ICD) approach for developing a safe and collaborative partnership between humans and technology by optimizing the interaction between human intelligence and AI. An associated trust model IMPACTS (Intention, Measurability, Performance, Adaptivity, Communications, Transparency, and Security) will also be introduced to enable the practitioners to foster an assured and calibrated trust relationship between humans and their partner autonomous systems. A real-world example of human-autonomy teaming in a military context will be explained to illustrate the utility and effectiveness of these trust enablers.

Autonomous vehicles (AVs) offer a wide range of promising benefits by reducing traffic accidents, environmental pollution, traffic congestion and land usage etc. However, to reap the intended benefits of AVs, it is inevitable that this technology should be trusted and accepted by the public. The consumer's substantial trust upon AVs will lead to its widespread adoption in the real-life. It is well understood that the preservation of strong security and privacy features influence a consumer's trust on a product in a positive manner. In this paper, we introduce a novel concept of digital labels for AVs to increase consumers awareness and trust regarding the security level of their vehicle. We present an architecture called Cybersecurity Box (CSBox) that leverages digital labels to display and inform consumers and passengers about cybersecurity status of the AV in use. The introduction of cybersecurity digital labels on the dashboard of AVs would attempt to increase the trust level of consumers and passengers on this promising technology.

Networked embedded systems (which include IoT, CPS, etc.) are vulnerable. Even though we know how to secure these systems, their heterogeneity and the heterogeneity of security policies remains a major problem. Designers face ever more sophisticated attacks while they are not always security experts and have to get a trade-off on design criteria. We propose in this paper the CLASA architecture (Cross-Layer Agent Security Architecture), a generic, integrated, inter-operable, decentralized and modular architecture which relies on cross-layering.

Internet of Things (IoT) is flourishing in several application areas, such as smart cities, smart factories, smart homes, smart healthcare, etc. With the adoption of IoT in critical scenarios, it is crucial to investigate its security aspects. All the layers of IoT are vulnerable to severely disruptive attacks. However, the attacks in IoT Network layer have a high impact on communication between the connected objects. Routing in most of the IoT networks is carried out by IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). RPL-based IoT offers limited protection against routing attacks. A trust-based approach for routing security is suitable to be integrated with IoT systems due to the resource-constrained nature of devices. This research proposes a trust-based secure routing protocol to provide security against packet dropping attacks in RPL-based IoT networks. IoT networks are dynamic and consist of both static and mobile nodes. Hence the chosen trust metrics in the proposed method also include the mobility-based metrics for trust evaluation. The proposed solution is integrated into RPL as a modified objective function, and the results are compared with the default RPL objective function, MRHOF. The analysis and evaluation of the proposed protocol indicate its efficacy and adaptability in a mobile IoT environment.

In the recent years, mobile ad hoc wireless networks (MANETs) have experienced a tremendous rise in popularity and usage due to their flexibility and ability to provide connectivity from anywhere at any time. In general, MANETs provide mobile communication to participating nodes in situation where nodes do not need access to an existing network infrastructure. MANETs have a network topology that changes over time due to lack of infrastructure and mobility of nodes. Detection of a malicious node in MANETs is hard to achieve due to the dynamic nature of the relationships between moving node and the nature of the wireless channel. Most traditional Intrusion Detection System (IDS) are designed to operate in a centralized manner; and do not operate properly in MANET because data in MANETs is distributed in different network devices. In this paper, we present an Hierarchical Cooperative Intrusion Detection Method (HCIDM) to secure packets routing in MANETs. HCIDM is a distributed intrusion detection mechanism that uses collaboration between nodes to detect active attacks against the routing table of a mobile ad hoc network. HCIDM reduces the effectiveness of the attack by informing other nodes about the existence of a malicious node to keep the performance of the network within an acceptable level. The novelty of the mechanism lies in the way the responsibility to protect the networks is distributed among nodes, the trust level is computed and the information about the presence of a malicious is communicated to potential victim. HCIDM is coded using the Network Simulator (NS-2) in an ad hoc on demand distance vector enable MANET during a black hole attack. It is found that the HCIDM works efficiently in comparison with an existing Collaborative Clustering Intrusion Detection Mechanism (CCIDM), in terms of delivery ratio, delay and throughput.

Blockchain transactions are signed by private keys. Secure key storage and tamper resistant computing, are critical requirements for deployments of trusted infrastructure. In this paper we identify some threats against blockchain wallets, and we introduce a set of physical and logical countermeasures in order to defeat them. We introduce open software and hardware architectures based on secure elements, which enable detection of cloned device and corrupted software. These technologies are based on resistant computing (javacard), smartcard anti cloning, smartcard self content attestation, applicative firewall, bare metal architecture, remote attestation, dynamic PUF (Physical Unclonable Function), and programming token as root of trust.

Digitalisation of domains such as medical and railway utilising cloud and networking technologies such as 5G and forthcoming 6G systems presents additional security challenges. The establishment of the identity, integrity and provenance of devices, services and other functional components removed a number of attack vectors and addresses a number of so called zero-trust security requirements. The addition of trusted hardware, such as TPM, and related remote attestation integrated with the networking and cloud infrastructure will be necessary requirement.

Under the background of increasingly severe security situation, the new working mode of power mobile internet business anytime and anywhere has greatly increased the complexity of network interaction. At the same time, various means of breaking through the boundary protection and moving laterally are emerging in an endless stream. The existing boundary-based mobility The security protection architecture is difficult to effectively respond to the current complex and diverse network attacks and threats, and faces actual combat challenges. This article first analyzes the security risks faced by the existing power mobile Internet services, and conducts a collaborative analysis of the key points of zero-trust based security protection from multiple perspectives such as users, terminals, and applications; on this basis, from identity security authentication, continuous trust evaluation, and fine-grained access The dimension of control, fine-grained access control based on identity trust, and the design of a zero-trust-based power mobile interconnection business security protection framework to provide theoretical guidance for power mobile business security protection.

Trust estimation of vehicles is vital for the correct functioning of Vehicular Ad Hoc Networks (VANETs) as it enhances their security by identifying reliable vehicles. However, accurate trust estimation still remains distant as existing works do not consider all malicious features of vehicles, such as dropping or delaying packets, altering content, and injecting false information. Moreover, data consistency of messages is not guaranteed here as they pass through multiple paths and can easily be altered by malicious relay vehicles. This leads to difficulty in measuring the effect of content tampering in trust calculation. Further, unreliable wireless communication of VANETs and unpredictable vehicle behavior may introduce uncertainty in the trust estimation and hence its accuracy. In this view, we put forward three trust factors - captured by fuzzy sets to adequately model malicious properties of a vehicle and apply a fuzzy logic-based algorithm to estimate its trust. We also introduce a parameter to evaluate the impact of content modification in trust calculation. Experimental results reveal that the proposed scheme detects malicious vehicles with high precision and recall and makes decisions with higher accuracy compared to the state-of-the-art.

In this paper, we propose a multidimensional trust model for vehicular networks. Our model evaluates the trustworthiness of each vehicle using two main modes: 1) Direct Trust Computation DTC related to a direct connection between source and target nodes, 2) Indirect Trust Computation ITC related to indirectly communication between source and target nodes. The principal characteristics of this model are flexibility and high fault tolerance, thanks to an automatic trust scores assessment. In our extensive simulations, we use Total Cost Rate to affirm the performance of the proposed trust model.

With large scale generation and exchange of data between IoT devices and constrained IoT security to protect data communication, it becomes easy for attackers to compromise data routes. In IoT networks, IPv6 Routing Protocol is the de facto routing protocol for Low Power and Lossy Networks (RPL). RPL offers limited security against several RPL-specific and WSN-inherited attacks in IoT applications. Additionally, IoT devices are limited in memory, processing, and power to operate properly using the traditional Internet and routing security solutions. Several mitigation schemes for the security of IoT networks and routing, have been proposed including Machine Learning-based, IDS-based, and Trust-based approaches. In existing trust-based methods, mobility of nodes is not considered at all or its insufficient for mobile sink nodes, specifically for security against RPL attacks. This research work proposes a conceptual design, named SMTrust, for security of routing protocol in IoT, considering the mobility-based trust metrics. The proposed solution intends to provide defense against popular RPL attacks, for example, Blackhole, Greyhole, Rank, Version Number attacks, etc. We believe that SMTrust shall provide better network performance for attacks detection accuracy, mobility and scalability as compared to existing trust models, such as, DCTM-RPL and SecTrust-RPL. The novelty of our solution is that it considers the mobility metrics of the sensor nodes as well as the sink nodes, which has not been addressed by the existing models. This consideration makes it suitable for mobile IoT environment. The proposed design of SMTrust, as secure routing protocol, when embedded in RPL, shall ensure confidentiality, integrity, and availability among the sensor nodes during routing process in IoT communication and networks.

In many applications, software protection can not be sufficient to provide high security needed by some critical applications. A noteworthy example are the bitcoin wallets. Designed the most secure piece of software, their security can be compromised by a simple piece of malware infecting the device storing keys used for signing transactions. Secure hardware devices such as Trusted Platform Module (TPM) offers the ability to create a piece of code that can run unmolested by the rest of software applications hosted in the same machine. This has turned out to be a valuable approach for preventing several malware threats. Unfortunately, their restricted functionalities make them inconsistent with the use of multi and threshold signature mechanisms which are in the heart of real world cryptocurrency wallets implementation. This paper proposes an efficient multi-signature scheme that fits the requirement of the TPM. Based on discrete logarithm and pairings, our scheme does not require any interaction between signers and provide the same benefits as the well established BLS signature scheme. Furthermore, we proposed a formal model of our design and proved it security in a semi-honest model. Finally, we implemented a prototype of our design and studied its performance. From our experimental analysis, the proposed design is highly efficient and can serve as a groundwork for using TPM in future cryptocurrency wallets.

Medical institutions are increasingly adopting IoT platforms to share data, communicate rapidly and improve healthcare treatment abilities. However, this trend is also raising the risk of potential data manipulation attacks. In decentralized networks, defense mechanisms against external entities have been widely enabled while protection against insider attackers is still the weakest link of the chain. Most of the platforms are based on the assumption that all the insider nodes are trustworthy. However, these nodes are exploiting of this assumption to lead manipulation attacks and violate data integrity and reliability without being detected. To address this problem, we propose a secure decentralized management system able to detect insider malicious nodes. Our proposal is based on a three layer architecture: storage layer, blockchain based network layer and IoT devices layer. In this paper, we mainly focus on the network layer where we propose to integrate a decentralized trust based authorization module. This latter allows updating dynamically the nodes access rights by observing and evaluating their behavior. To this aim, we combine probabilistic modelling and stochastic modelling to classify and predict the nodes behavior. Conducted performance evaluation and security analysis show that our proposition provides efficient detection of malicious nodes compared to other trust based management approaches.

IoT adds more flexibility in many areas of applications to makes it easy to monitor and manage data instantaneously. However, IoT has many challenges regarding its security and storage issues. Moreover, the third-party trusting agents of IoT devices do not support sufficient security level between the network peers. This paper proposes improving the trust, processing power, and storage capability of IoT in distributed system topology by adopting the blockchain approach. An application, IoT Trust Management (ITM), is proposed to manage the trust of the shared content through the blockchain network, e.g., supply chain. The essential key in ITM is the trust management of IoT devices data are done using peer to peer (P2P), i.e., no third-party. ITM is running on individual python nodes and interact with frontend applications creating decentralized applications (DApps). The IoT data shared and stored in a ledger, which has the IoT device published details and data. ITM provides a higher security level to the IoT data shared on the network, such as unparalleled security, speed, transparency, cost reduction, check data, and Adaptability.

Mobile peer-to-peer network (MP2P) attracts increasing attentions due to the ubiquitous use of mobile communication and huge success of peer-to-peer (P2P) mode. However, open p2p mode makes nodes tend to be selfish, and the scarcity of resources in mobile nodes aggravates this problem, thus the nodes easily express a non-complete cooperative (NCC) attitude. Therefore, an identification of non-complete cooperative nodes and a corresponding trust routing scheme are proposed for MP2P in this paper. The concept of octant is firstly introduced to build a trust model which analyzes nodes from three dimensions, namely direct trust, internal state and recommendation reliability, and then the individual non-complete cooperative (INCC) nodes can be identified by the division of different octants. The direct trust monitors nodes' external behaviors, and the consideration of internal state and recommendation reliability contributes to differentiate the subjective and objective non-cooperation, and mitigate the attacks about direct trust values respectively. Thus, the trust model can identify various INCC nodes accurately. On the basis of identification of INCC nodes, cosine similarity method is applied to identify collusive non-complete cooperate (CNCC) nodes. Moreover, a trust routing scheme based on the identification of NCC nodes is presented to reasonably deal with different kinds of NCC nodes. Results from extensive simulation experiments demonstrate that this proposed identification and routing scheme have better performances, in terms of identification precision and packet delivery fraction than current schemes respectively.