Biblio

Protecting an identity of IPv6 packet against Denial-of-Service (DoS) attack, depend on the proposed methods of cryptography and steganography. Reliable communication using the security aspect is the most visible issue, particularly in IPv6 network applications. Problems such as DoS attacks, IP spoofing and other kinds of passive attacks are common. This paper suggests an approach based on generating a randomly unique identities for every node. The generated identity is encrypted and hided in the transmitted packets of the sender side. In the receiver side, the received packet verified to identify the source before processed. Also, the paper involves implementing nine experiments that are used to test the proposed scheme. The scheme is based on creating the address of IPv6, then passing it to the logistics map then encrypted by RSA and authenticated by SHA2. In addition, network performance is computed by OPNET modular. The results showed better computation power consumption in case of lost packet, average events, memory and time, and the better results as total memory is 35,523 KB, average events/sec is 250,52, traffic sent is 30,324 packets/sec, traffic received is 27,227 packets/sec, and lose packets is 3,097 packets/sec.

Based on the campus wireless IPv6 network system, using WiFi contactless sensing and positioning technology and action recognition technology, this paper designs a new campus security early warning system. The characteristic is that there is no need to add new monitoring equipment. As long as it is the location covered by the wireless IPv6 network, personnel quantity statistics and personnel body action status display can be realized. It plays an effective monitoring supplement to the places that cannot be covered by video surveillance in the past, and can effectively prevent campus violence or other emergencies.

This paper uses the test tool provided by the Internet Protocol Version 6 (IPv6) Forum to test the protocol conformance of IPv6 devices. The installation and testing process of IPv6 Ready Logo protocol conformance test suite developed by TAHI PROJECT team is described in detail. This section describes the test content and evaluation criteria of the suite, analyzes the problems encountered during the installation and use of the suite, describes the method of analyzing the test results of the suite, and describes the test content added to the latest version of the test suite. The test suite can realize automatic testing, the test cases accurately reflect the requirements of the IPv6 protocol specification, can be used to judge whether IPv6-based Internet of Things(IoT) devices meets the relevant protocol standards.

For the smart campus of Guangdong Ocean University, we analyze the current situation of the university's network construction, as well as the problems in infrastructure, equipment, operation management, and network security. We focus on the construction objectives and design scheme of the smart campus, including the design of network structure and basic network services. The followings are considered in this study: optimization of network structure simplification, business integration, multi-operator access environment, operation and maintenance guarantee system, organic integration of production, and teaching and research after network leveling transformation.

With the global transition to the IPv6 (Internet Protocol version 6), IP (Internet Protocol) validation efficiency and IPv6 support from the aspect of network programming are gaining more importance. As global computer networks grow in the era of IoT (Internet of Things), IP address validation is an inevitable process for assuring strong network privacy and security. The complexity of IP validation has been increased due to the rather drastic change in the memory architecture needed for storing IPv6 addresses. Low-level programming languages like C/C++ are a great choice for handling memory spaces and working with simple devices connected in an IoT (Internet of Things) network. This paper analyzes some user-defined and open-source implementations of IP validation codes in Boost. Asio and POCO C++ networking libraries, as well as the IP security support provided for general networking purposes and IoT. Considering a couple of sample codes, the paper gives a conclusion on whether these C++ implementations answer the needs for flexibility and security of the upcoming era of IPv6 addressed computers.

Internet Protocol Version 6 (IPv6) is expected for widespread deployment worldwide. Such rapid development of IPv6 may lead to safety problems. The main threats in IPv6 networks are denial of service (DoS) attacks and distributed DoS (DDoS) attacks. In addition to the similar threats in Internet Protocol Version 4 (IPv4), IPv6 has introduced new potential vulnerabilities, which are DoS and DDoS attacks based on Internet Control Message Protocol version 6 (ICMPv6). We divide such new attacks into two categories: pure flooding attacks and source address spoofing attacks. We propose P4-NSAF, a scheme to defend against the above two IPv6 DoS and DDoS attacks in the programmable data plane. P4-NSAF uses Count-Min Sketch to defend against flooding attacks and records information about IPv6 agents into match tables to prevent source address spoofing attacks. We implement a prototype of P4-NSAF with P4 and evaluate it in the programmable data plane. The result suggests that P4-NSAF can effectively protect IPv6 networks from DoS and DDoS attacks based on ICMPv6.

IoBTs must feature collaborative, context-aware, multi-modal fusion for real-time, robust decision-making in adversarial environments. The integration of machine learning (ML) models into IoBTs has been successful at solving these problems at a small scale (e.g., AiTR), but state-of-the-art ML models grow exponentially with increasing temporal and spatial scale of modeled phenomena, and can thus become brittle, untrustworthy, and vulnerable when interpreting large-scale tactical edge data. To address this challenge, we need to develop principles and methodologies for uncertainty-quantified neuro-symbolic ML, where learning and inference exploit symbolic knowledge and reasoning, in addition to, multi-modal and multi-vantage sensor data. The approach features integrated neuro-symbolic inference, where symbolic context is used by deep learning, and deep learning models provide atomic concepts for symbolic reasoning. The incorporation of high-level symbolic reasoning improves data efficiency during training and makes inference more robust, interpretable, and resource-efficient. In this paper, we identify the key challenges in developing context-aware collaborative neuro-symbolic inference in IoBTs and review some recent progress in addressing these gaps.

Malicious software (malware) poses a significant threat to the security of our networks and users. In the ever-evolving malware landscape, Excel 4.0 Office macros (XL4) have recently become an important attack vector. These macros are often hidden within apparently legitimate documents and under several layers of obfuscation. As such, they are difficult to analyze using static analysis techniques. Moreover, the analysis in a dynamic analysis environment (a sandbox) is challenging because the macros execute correctly only under specific environmental conditions that are not always easy to create. This paper presents SYMBEXCEL, a novel solution that leverages symbolic execution to deobfuscate and analyze Excel 4.0 macros automatically. Our approach proceeds in three stages: (1) The malicious document is parsed and loaded in memory; (2) Our symbolic execution engine executes the XL4 formulas; and (3) Our Engine concretizes any symbolic values encountered during the symbolic exploration, therefore evaluating the execution of each macro under a broad range of (meaningful) environment configurations. SYMBEXCEL significantly outperforms existing deobfuscation tools, allowing us to reliably extract Indicators of Compromise (IoCs) and other critical forensics information. Our experiments demonstrate the effectiveness of our approach, especially in deobfuscating novel malicious documents that make heavy use of environment variables and are often not identified by commercial anti-virus software.

Emails are widely used as a form of communication and sharing files in an organization. However, email is widely used by cybercriminals to spread malware and carrying out cyber-attacks. We implemented an open-source email gateway in conjunction with a security sandbox for securing emails against malicious attachments. The email gateway scans all incoming and outgoing emails and stops emails containing suspicious files. An automated python script would then send the suspected email to the sandboxing element through sandbox API for further analysis, while the script is used also for the prevention of duplicate results. Moreover, the mail server administrator receives notifications from the email gateway about suspicious attachments. If detected attachment is a true positive based on the sandbox analysis result, email is deleted, otherwise, the email is delivered to the recipient. The paper describes in an empirical way the steps followed during the implementation, results, and conclusions of our research.

Mobile devices are an inseparable part of our lives. They have made it possible to access all the information and services anywhere at any time. Almost all of the organizations try to provide a mobile device-based solution to its users. However, this convenience has arisen the risk of losing personal information and has increased the threat to security. It has been observed recently that some of the mobile device manufacturers and mobile apps developers have lost the private information of their users to hackers. It has risen a great concern among mobile device users about their personal information. Android and iOS are the major operating systems for mobile devices and share over 99% of the mobile device market. This research aims to conduct a comparative analysis of the security of the components in the Android and iOS operating systems. It analyses the security from several perspectives such as memory randomization, application sandboxing, isolation, encryption, built-in antivirus, and data storage. From the analysis, it is evident that iOS is more secure than Android operating system. However, this security comes with a cost of losing the freedom.

Virtual machine (VM) based application sandboxes leverage strong isolation guarantees of virtualization techniques to address several security issues through effective containment of malware. Specifically, in end-user physical hosts, potentially vulnerable applications can be isolated from each other (and the host) using VM based sandboxes. However, sharing data across applications executing within different sandboxes is a non-trivial requirement for end-user systems because at the end of the day, all applications are used by the end-user owning the device. Existing file sharing techniques compromise the security or efficiency, especially considering lack of technical expertise of many end-users in the contemporary times. In this paper, we propose MicroBlind, a security hardened file sharing framework for virtualized sandboxes to support efficient data sharing across different application sandboxes. MicroBlind enables a simple file sharing management API for end users where the end user can orchestrate file sharing across different VM sandboxes in a secure manner. To demonstrate the efficacy of MicroBlind, we perform comprehensive empirical analysis against existing data sharing techniques (augmented for the sandboxing setup) and show that MicroBlind provides improved security and efficiency.

This paper presents a definition of a secure system and design principles, which help govern security policies within an embedded system. By understanding a secure system, a common system on chip (SoC) architecture is evaluated and their vulnerabilities explored. This effort helped define requirements for a framework for a secure and isolated SoC architecture for users to develop in. Throughout this paper, a SoC architecture framework for isolated domains has been proposed and its robustness verified against different attack scenarios. To support different levels of criticality and complexity in developing user applications, three computing domains were proposed: security and safety critical (SSC) domain, high performance (HP) domain, and sandbox domain. These domains allow for complex applications to be realized with varying levels of security. Isolation between different computing domains is established using consumer off the shelf (COTS) techniques and architectural components provided by the Zynq Ultrascale+ (ZU+) multiprocessor SoC (MPSoC). To the best of our knowledge, this is the first work that implements a secure system design on the ZU+ platform. There have been many other implementations in hardware security to mitigate certain attack scenarios such as side channel attacks, temporal attacks, hardware trojans, etc. However, our work is different than others, as it establishes the framework for isolated computing domains for secure applications and also verifies system security by attacking one domain from the others.

In order to prevent malicious environment, more and more applications use anti-sandbox technology to detect the running environment. Malware often uses this technology against analysis, which brings great difficulties to the analysis of applications. Research on anti-sandbox countermeasure technology based on application virtualization can solve such problems, but there is no good solution for sensor simulation. In order to prevent detection, most detection systems can only use real device sensors, which brings great hidden dangers to users’ privacy. Aiming at this problem, this paper proposes and implements a sensor anti-sandbox countermeasure technology for Android system. This technology uses the CNN-LSTM model to identify the activity of the real machine sensor data, and according to the recognition results, the real machine sensor data is classified and stored, and then an automatic data simulation algorithm is designed according to the stored data, and finally the simulation data is sent back by using the Hook technology for the application under test. The experimental results show that the method can effectively simulate the data characteristics of the acceleration sensor and prevent the triggering of anti-sandbox behaviors.

To train new staff to be efficient and ready for the tasks assigned is vital. They must be equipped with knowledge and skills so that they can carry out their responsibility to ensure smooth daily working activities. As transitioning to IPv6 has taken place for more than a decade, it is understood that having a dual-stack network is common in any organization or enterprise. However, many Internet users may not realize the importance of IPv6 security due to a lack of awareness and knowledge of cyber and computer security. Therefore, this paper presents an approach to educating people by introducing a security mechanisms model that can be applied in handling security challenges via network sandboxing by setting up an isolated dual stack network testbed using GNS3 to perform network security analysis. The finding shows that applying security mechanisms such as access control lists (ACLs) and host-based firewalls can help counter the attacks. This proves that knowledge and skills to handle dual-stack security are crucial. In future, more kinds of attacks should be tested and also more types of security mechanisms can be applied on a dual-stack network to provide more information and to provide network engineers insights on how they can benefit from network sandboxing to sharpen their knowledge and skills.

Network security isolation technology is an important means to protect the internal information security of enterprises. Generally, isolation is achieved through traditional network devices, such as firewalls and gatekeepers. However, the security rules are relatively rigid and cannot better meet the flexible and changeable business needs. Through the double sandbox structure created for each user, each user in the virtual machine is isolated from each other and security is ensured. By creating a virtual disk in a virtual machine as a user storage sandbox, and encrypting the read and write of the disk, the shortcomings of traditional network isolation methods are discussed, and the application of cloud desktop network isolation technology based on VMwarer technology in universities is expounded.

Using multi-UAV systems to accomplish both civil and military missions is becoming a popular trend. With the development of software and hardware technologies, Unmanned aerial vehicles (UAVs) are now able to operate autonomously at edge. However, the remote control of manned systems, e.g., ground control station (GCS), remains essential to mission success, and the system's control and non-payload communication (CNPC) are facing severe cyber threats caused by smart attacks. To avoid hijacking, in this paper, we propose a secure mechanism that reduces such security risks for multi-UAV systems. We introduce friendly jamming from UAVs to block eavesdropping on the remote control channel. The trade-off between security and energy consumption is optimized by three approaches designed for UAV and GCS under algorithms of different complexities. Numerical results show the approach efficiency under different mission conditions and security demands, and demonstrate the features of the proposed mechanism for various scenarios.

ROS 2 is rapidly becoming a standard in the robotics industry. Built upon DDS as its default communication middleware and used in safety-critical scenarios, adding secu-rity to robots and ROS computational graphs is increasingly becoming a concern. The present work introduces SROS2, a series of developer tools and libraries that facilitate adding security to ROS 2 graphs. Focusing on a usability-centric approach in SROS2, we present a methodology for securing graphs systematically while following the DevSecOps model. We also demonstrate the use of our security tools by presenting an application case study that considers securing a graph using the popular Navigation2 and SLAM Toolbox stacks applied in a TurtieBot3 robot. We analyse the current capabilities of SROS2 and discuss the shortcomings, which provides insights for future contributions and extensions. Ultimately, we present SROS2 as usable security tools for ROS 2 and argue that without usability, security in robotics will be greatly impaired.

Internet of Medical Things (IoMT) is a rapidly growing branch of IoT (Internet of Things), which requires special treatment to cyber security due to confidentiality of healthcare data and patient health threat. Healthcare data and automated medical devices might become vulnerable targets of malicious cyber-attacks. While a large number of robotic applications, including medical and healthcare, employ robot operating system (ROS) as their backbone, not enough attention is paid for ROS security. The paper discusses a security of ROS-based swing doors automation in the context of a robotic hospital framework, which should be protected from cyber-attacks.

Systems for relative localization in multi-robot systems based on ultra-wideband (UWB) ranging have recently emerged as robust solutions for GNSS-denied environments. Scalability remains one of the key challenges, particularly in adhoc deployments. Recent solutions include dynamic allocation of active and passive localization modes for different robots or nodes in the system. with larger-scale systems becoming more distributed, key research questions arise in the areas of security and trustability of such localization systems. This paper studies the potential integration of collaborative-decision making processes with distributed ledger technologies. Specifically, we investigate the design and implementation of a methodology for running an UWB role allocation algorithm within smart contracts in a blockchain. In previous works, we have separately studied the integration of ROS2 with the Hyperledger Fabric blockchain, and introduced a new algorithm for scalable UWB-based localization. In this paper, we extend these works by (i) running experiments with larger number of mobile robots switching between different spatial configurations and (ii) integrating the dynamic UWB role allocation algorithm into Fabric smart contracts for distributed decision-making in a system of multiple mobile robots. This enables us to deliver the same functionality within a secure and trustable process, with enhanced identity and data access management. Our results show the effectiveness of the UWB role allocation for continuously varying spatial formations of six autonomous mobile robots, while demonstrating a low impact on latency and computational resources of adding the blockchain layer that does not affect the localization process.

Robot Operating System 2 (ROS2) is the latest release of a framework for enabling robot applications. Data Distribution Service (DDS) middleware is used for communication between nodes in a ROS2 cluster. The DDS middleware provides a distributed discovery system, message definitions and serialization, and security. In ROS2, the DDS middleware is accessed through an abstraction layer, making it easy to switch from one implementation to another. The existing middleware implementations differ in a number of ways, e.g., in how they are supported in ROS2, in their support for the security features, their ease of use, their performance, and their interoperability. In this work, the focus is on the ease of use, interoperability, and security features aspects of ROS2 DDS middleware. We compare the ease of installation and ease of use of three different DDS middleware, and test the interoperability of different middleware combinations in simple deployment scenarios. We highlight the difference that enabling the security option makes to interoperability, and conduct performance experiments that show the effect that turning on security has on the communication performance. Our results provide guidelines for choosing and deploying DDS middleware on a ROS2 cluster.

AbuSaif is a human-like social robot designed and built at the UAE University's Artificial Intelligence and Robotics Lab. AbuSaif was initially operated by a classical personal computer (PC), like most of the existing social robots. Thus, most of the robot's functionalities are limited to the capacity of that mounted PC. To overcome this, in this study, we propose a web-based platform that shall take the benefits of clustering in cloud computing. Our proposed platform will increase the operational capability and functionality of AbuSaif, especially those needed to operate artificial intelligence algorithms. We believe that the robot will become more intelligent and autonomous using our proposed web platform.

The Robotic Operating System (ROS) is a popular framework for robotics research and development. It's a system that provides hardware abstraction with low-level device management to handle communications and services. ROS is a distributed system, which allows various nodes in a network to communicate using a method such as message passing. When integrating systems using ROS, it is vital to consider the security and privacy of the data and information shared across ROS nodes, which is considered to be one of the most challenging aspects of ROS systems. The goal of this study is to examine the ROS architecture, primary components, and versions, as well as the types of vulnerabilities that might compromise the system. In order to achieve the CIA's three fundamental security criteria on a ROS-based platform, we categorized these vulnerabilities and looked into various security solutions proposed by researchers. We provide a comparative analysis of the ROS-related security solutions, the security threats and issues they addressed, the targeted architecture of the protection or defense system, the solution's evaluation methodology and the evaluation metric, and the limitations that might be viewed as unresolved issues for the future course of action. Finally, we look into future possibilities and open challenges to assist researchers to develop more secure and efficient ROS systems.

Multi robot systems are defined as a collection of two or more robots that are capable of working autonomously while coordinating with each other. Three challenges emerge while designing any multi robot system. The robots have to coordinate their path planning or trajectory planning in order to avoid collision during the course of navigation, while collaborating tasks with other robots to achieve a specific end goal for the system. The other challenge, which is the focus of this paper, is the security of the entire multi robot system. Since robots have to coordinate with each other, any one of them being malicious due to any kind of security threat, can lead to a chain reaction that may compromise the entire system. Such security threats can be fatal if not dealt with immediately. This paper proposes the use of a Hybridized Blockchain Model (HBM) to identify such security threats and take necessary actions in real time so that the system does not encounter any catastrophic failure. The proposed security architecture uses ROS (Robot operating system) to decentralize the information collected by robot clients and HBM to monitor the clients and take necessary real time actions.

Human safety has always been the main priority when working near an industrial robot. With the rise of Human-Robot Collaborative environments, physical barriers to avoiding collisions have been disappearing, increasing the risk of accidents and the need for solutions that ensure a safe Human-Robot Collaboration. This paper proposes a safety system that implements Speed and Separation Monitoring (SSM) type of operation. For this, safety zones are defined in the robot's workspace following current standards for industrial collaborative robots. A deep learning-based computer vision system detects, tracks, and estimates the 3D position of operators close to the robot. The robot control system receives the operator's 3D position and generates 3D representations of them in a simulation environment. Depending on the zone where the closest operator was detected, the robot stops or changes its operating speed. Three different operation modes in which the human and robot interact are presented. Results show that the vision-based system can correctly detect and classify in which safety zone an operator is located and that the different proposed operation modes ensure that the robot's reaction and stop time are within the required time limits to guarantee safety.

Robot co-workers, like human co-workers, make mistakes that undermine trust. Yet, trust is just as important in promoting human-robot collaboration as it is in promoting human-human collaboration. In addition, individuals can signif-icantly differ in their attitudes toward robots, which can also impact or hinder their trust in robots. To better understand how individual attitude can influence trust repair strategies, we propose a theoretical model that draws from the theory of cognitive dissonance. To empirically verify this model, we conducted a between-subjects experiment with 100 participants assigned to one of four repair strategies (apologies, denials, explanations, or promises) over three trust violations. Individual attitudes did moderate the efficacy of repair strategies and this effect differed over successive trust violations. Specifically, repair strategies were most effective relative to individual attitude during the second of the three trust violations, and promises were the trust repair strategy most impacted by an individual's attitude.