Biblio

Web Scraping is the technique of extracting desired data in an automated way by scanning the internal links and content of a website, this activity usually performed by systematically programmed bots. This paper explains our proposed solution to protect the blog content from theft and from being copied to other destinations by mitigating the scraping bots. To achieve our purpose we applied two steps in two levels, the first one, on the main blog page level, mitigated the work of crawler bots by adding extra empty articles anchors among real articles, and the next step, on the article page level, we add a random number of empty and hidden spans with randomly generated text among the article's body. To assess this solution we apply it to a local project developed using PHP language in Laravel framework, and put four criteria that measure the effectiveness. The results show that the changes in the file size before and after the application do not affect it, also, the processing time increased by few milliseconds which still in the acceptable range. And by using the HTML-similarity tool we get very good results that show the symmetric over style, with a few bit changes over the structure. Finally, to assess the effects on the bots, scraper bot reused and get the expected results from the programmed middleware. These results show that the solution is feasible to be adopted and use to protect blogs content.

Middleware for IoT (Internet of Things) helps application developers face challenges, such as device heterogeneity, service interoperability, security and scalability. While extensively adopted nowadays, IoT middleware systems are static because, after deployment, updates are only possible by stopping the thing. Therefore, adaptive capabilities can improve existing solutions by allowing their dynamic adaptation to changes in the environmental conditions, evolve provided functionalities, or fix bugs. This paper presents AMoT, an adaptive publish/subscribe middleware for IoT whose design and implementation adopt software architecture principles and evolutive adaptation mechanisms. The experimental evaluation of AMoT helps to measure the impact of the proposed adaptation mechanisms while also comparing the performance of AMoT with a widely adopted MQTT (Message Queuing Telemetry Transport) based middleware. In the end, adaptation has an acceptable performance cost and the advantage of tunning the middleware functionality at runtime.

This paper describes the architecture and the fundamental methodology of an anomaly detector, which by continuously monitoring Simple Network Management Protocol data and by processing it as complex-events, is able to timely recognize patterns of faults and relevant cyber-attacks. This solution has been applied in the context of smart grids, and in particular as part of a security and resilience component of the Information and Communication Technologies (ICT) Gateway, a middleware-based architecture that correlates and fuses measurement data from different sources (e.g., Inverters, Smart Meters) to provide control coordination and to enable grid observability applications. The detector has been evaluated through experiments, where we selected some representative anomalies that can occur on the ICT side of the energy distribution infrastructure: non-malicious faults (indicated by patterns in the system resources usage), as well as effects of typical cyber-attacks directed to the smart grid infrastructure. The results show that the detection is promisingly fast and efficient.

Modern Intelligent Transport Systems (ITSs) are comprehensive applications that have to cope with a multitude of challenges while meeting strict service and security standards. A novel data-centric middleware that provides the foundation of such systems is presented in this paper. This middleware is designed for high scalability, fast data processing and multimodality. To achieve these goals, an innovative spatial annotation (SpatiaIJSON) is utilised. SpatialJSON allows the representation of geometry, topology and traffic information in one dataset. Data processing is designed in such a manner that any schema or ontology can be used to express information. Further, common concerns of ITSs are addressed, such as authenticity of messages. The core task, however, is to ensure a quick exchange of evaluated information between the individual traffic participants.

In mobile edge computing, edge devices collect data, and an edge server performs computational or data processing tasks that need real-time processing. Depending upon the requested task's complexity, an edge server executes it locally or remotely in the cloud. When an edge server needs to offload its computational tasks, there could be a sudden failure in the cloud or network. In this scenario, we need to provide a flexible execution model to edge devices and servers for the continuous execution of the task. To that end, in this paper, we induced a middleware system that allows an edge server to execute a task on the edge devices instead of offloading it to a cloud server. Edge devices not only send data to an edge server for further processing but also execute edge services by utilizing nearby edge devices' computing resources. We extend the concept of service-oriented architecture and integrate a decentralized peer-to-peer network architecture to achieve reusability, location-specific security, and reliability. By following our methodology, software developers can enhance their application in a collaborative environment without worrying about low-level implementation.

This paper presents a management system for a fleet of autonomous mobile robots performing logistics in security-heterogeneous factories. Loading and unloading goods and parts between workstations in these dynamic environments often demands from the mobile robots to share space and resources such as corridors, interlocked security doors and elevators among themselves. This model explores a dynamic task scheduling and assignment to the robots taking into account their location, tasks previously assigned and battery levels, all the while being aware of the physical constraints of the installation. The benefits of the proposed architecture were validated through a set of experiments in a mockup of INCM's shop-floor environment. During these tests 3 robots operated continuously for several hours, self-charging without any human intervention.

In-Network Computing is a promising field that can be explored to leverage programmable network devices to offload computing towards the edge of the network. This has created great interest in supporting a wide range of network functionality in the data plane. Considering a networked robotics domain, this brings new opportunities to tackle the communication latency challenges. However, this approach opens a room for hardware-level exploits, with the possibility to add a malicious code to the network device in a hidden fashion, compromising the entire communication in the robotic facilities. In this work, we expose vulnerabilities that are exploitable in the most widely used flexible framework for writing robot software, Robot Operating System (ROS). We focus on ROS protocol crossing a programmable SmartNIC as a use case for In-Network Hijacking and In-Network Replay attacks, that can be easily implemented using the P4 language, exposing security vulnerabilities for hackers to take control of the robots or simply breaking the entire system.

As multi-robot systems (MRS) are widely used in various tasks such as natural disaster response and social security, people enthusiastically expect an MRS to be ubiquitous that a general user without heavy training can easily operate. However, humans have various preferences on balancing between task performance and safety, imposing different requirements onto MRS control. Failing to comply with preferences makes people feel difficult in operation and decreases human willingness of using an MRS. Therefore, to improve social acceptance as well as performance, there is an urgent need to adjust MRS behaviors according to human preferences before triggering human corrections, which increases cognitive load. In this paper, a novel Meta Preference Learning (MPL) method was developed to enable an MRS to fast adapt to user preferences. MPL based on meta learning mechanism can quickly assess human preferences from limited instructions; then, a neural network based preference model adjusts MRS behaviors for preference adaption. To validate method effectiveness, a task scenario "An MRS searches victims in an earthquake disaster site" was designed; 20 human users were involved to identify preferences as "aggressive", "medium", "reserved"; based on user guidance and domain knowledge, about 20,000 preferences were simulated to cover different operations related to "task quality", "task progress", "robot safety". The effectiveness of MPL in preference adaption was validated by the reduced duration and frequency of human interventions.

Autonomous navigation of a robot is more challenging in an uncontrolled environment owing to the necessity of coordination among several activities. This includes, creating a map of the surrounding, localizing the robot inside the map, generating a motion plan consistent with the map, executing the plan with control and all other tasks involved concurrently. Moreover, autonomous navigation problems are significant for future robotics applications such as package delivery, security, cleaning, agriculture, surveillance, search and rescue, construction, and transportation which take place in uncontrolled environments. Therefore, an attempt has been made in this research to develop a robot which could function as a security agent for a house to address the aforesaid particulars. This robot has the capability to navigate autonomously in the prescribed map of the operating zone by the user. The desired map can be generated using a Light Detection and Ranging (LiDAR) sensor. For robot navigation, it requires to pick out the robot location accurately itself, otherwise robot will not move autonomously to a particular target. Therefore, Adaptive Monte Carlo Localization (AMCL) method was used to validate the accuracy of robot localization process. Moreover, additional sensors were placed around the building to sense the prevailing security threats from intruders with the aid of the robot.

Surveillance systems involve a camera module (at a fixed location) connected/streaming video via Internet Protocol to a (video) server. In our IMPRINT consortium project, by mounting miniaturised camera module/s on mobile quadruped-lizard like robots, we developed a stealth surveillance system, which could be very useful as a monitoring system in hostage situations. In this paper, we report about the communication system that enables secure transmission of: Live-video from robots to a server, GPS-coordinates of robots to the server and Navigation-commands from server to robots. Since the end application is for stealth surveillance, often can involve sensitive data, data security is a crucial concern, especially when data is transmitted through the internet. We use the RC4 algorithm for video transmission; while the AES algorithm is used for GPS data and other commands’ data transmission. Advantages of the developed system is easy to use for its web interface which is provided on the control station. This communication system, because of its internet-based communication, it is compatible with any operating system environment. The lightweight program runs on the control station (on the server side) and robot body that leads to less memory consumption and faster processing. An important requirement in such hostage surveillance systems is fast data processing and data-transmission rate. We have implemented this communication systems with a single-board computer having GPU that performs better in terms of speed of transmission and processing of data.

The Robot Operation System (ROS) is widely used in academia as well as the industry to build custom robot applications. Successful cyberattacks on robots can result in a loss of control for the legitimate operator and thus have a severe impact on safety if the robot is moving uncontrollably. A high level of security thus needs to be mandatory. Neither ROS 1 nor 2 in their default configuration provide protection against network based attackers. Multiple protection mechanisms have been proposed that can be used to overcome this. Unfortunately, it is unclear how effective and usable each of them are. We provide a structured analysis of the requirements these protection mechanisms need to fulfill by identifying realistic, network based attacker models and using those to derive relevant security requirements and other evaluation criteria. Based on these criteria, we analyze the protection mechanisms available and compare them to each other. We find that none of the existing protection mechanisms fulfill all of the security requirements. For both ROS 1 and 2, we discuss which protection mechanism are most relevant and give hints on how to decide on one. We hope that the requirements we identify simplify the development or enhancement of protection mechanisms that cover all aspects of ROS and that our comparison helps robot operators to choose an adequate protection mechanism for their use case.

Security is a major thing to focus on during this modern era as it is very important to secure your surroundings for the well being of oneself and his family, But there are many drawbacks of using conventional security surveillance cameras as they have to be set in a particular angle for good visual and they do not cover a large area, conventional security cameras can only be used from a particular device and cannot alert the user during an unforeseen circumstance. Hence we require a much more efficient device for better security a web controlled surveillance robot is much more practical device to be used compared to conventional security surveillance, this system needs a single camera to perform its operation and the user can monitor a wide range of area, any device with a wireless connection to the internet can be used to operate this device. This robot can move to any location within the range of the network and can be accessed globally from anywhere and as it uses only one camera to secure a large area it is also cost-efficient. At the core of the system lies Raspberry-pi which is responsible for all the operation of the system and the size of the device can be engineered according to the area it is to be used.

Increasingly, the transportation industry has moved towards automation to improve safety, fuel efficiency, and system productivity. However, the increased scrutiny that automated vehicles (AV) face over functional safety has hindered the industry's unbridled confidence in self-driving technologies. As AVs are cyber-physical systems, they utilize distributed control to accomplish a range of safety-critical driving tasks. The Operation Systems (OS) serve as the core of these control systems. Therefore, their designs and implementation must incorporate ways to protect AVs against what must be assumed to be inevitable cyberattacks to meet the overall AV functional safety requirements. This paper investigates the connection between functional safety and cybersecurity in the context of OS. This study finds that risks due to delays can worsen by potential cybersecurity vulnerabilities through a case example of an automated vehicle following. Furthermore, attack surfaces and cybersecurity countermeasures for protecting OSs from security breaches are addressed.

Robotic systems are becoming an ever-increasing part of everyday life due to their capacity to carry out physical tasks on behalf of human beings. Found in nearly every facet of our lives, robotic systems are used domestically, in small and large-scale factories, for the production and processing of agriculture, for military operations, to name a few. The Robotic Operating System (ROS) is the standard operating system used today for the development of modular robotic systems. However, in its development, ROS has been notorious for the absence of security mechanisms, placing people in danger both physically and digitally. This dissertation summary presents the development of a suite of ROS tools, leading up to the development of a modular, secure framework for ROS. An integrated approach for the security of ROS-enabled robotic systems is described, to set a baseline for the continual development to increase ROS security. The work culminates in the ROS security tool ROS-Immunity, combining internal system defense, external system verification, and automated vulnerability detection in an integrated tool that, in conjunction with Secure-ROS, provides a suite of defenses for ROS systems against malicious attackers.

These days, almost everyone has been entirely relying on mobile devices and mobile related applications running on Android Operating Systems, the most used Mobile Operating System in the world with the largest market share. These Mobile devices and applications can become an information goldmine for hackers and are considered one of the significant concerns mobile users face who stand a chance of being victimized during data breach from hackers due to lapse in information security and controls. Such challenge can be put to bare through systematic digital forensic analysis through penetration testing for a humanoid robot like Zenbo, which run Android OS and related application, to help identify associated security vulnerabilities and develop controls required to improve security using popular penetration testing tools such as Drozer, Mobile Application Security framework (mobSF), and AndroBugs with the help of Santoku Linux distribution.

The traditional data storage method often adopts centralized architecture, which is prone to trust and security problems. This paper proposes a trusted data storage and access control scheme combining blockchain and attribute-based encryption, which allow cyber-physical system (CPS) nodes to realize the fine-grained access control strategy. At the same time, this paper combines the blockchain technology with distributed storage, and only store the access control policy and the data access address on the blockchain, which solves the storage bottleneck of blockchain system. Furthermore, this paper proposes a novel multi-authority attributed-based identification method, which realizes distributed attribute key generation and simplifies the pairwise authentication process of multi-authority. It can not only address the key escrow problem of one single authority, but also reduce the problem of high communication overhead and heavy burden of multi-authority. The analyzed results show that the proposed scheme has better comprehensive performance in trusted data storage and access control for power cyber-physical system.

To break the data barrier of the information island and explore the value of data in the past few years, it has become a trend of uploading data to the cloud by data owners for data sharing. At the same time, they also hope that the uploaded data can still be controlled, which makes access control of cloud data become an intractable problem. As a famous cryptographic technology, ciphertext policy-based attribute encryption (CP-ABE) not only assures data confidentiality but implements fine-grained access control. However, the actual application of CP-ABE has its inherent challenge in attribute revocation. To address this challenge, we proposed an access control solution supporting attribute revocation in cloud computing. Unlike previous attribute revocation schemes, to solve the problem of excessive attribute revocation overhead, we use symmetric encryption technology to encrypt the plaintext data firstly, and then, encrypting the symmetric key by utilizing public-key encryption technology according to the access structure, so that only the key ciphertext is necessary to update when the attributes are revoked, which reduces the spending of ciphertext update to a great degree. The comparative analysis demonstrates that our solution is reasonably efficient and more secure to support attribute revocation and access control after data sharing.

Smart grid has improved the security, efficiency of the power system and balanced the supply and demand by intelligent management, which enhanced stability and reliability of power grid. The key point to achieve them is real-time data and consumption data sharing by using fine-grained policies. But it will bring the leakage of the privacy of the users and the loss of data control rights of the data owner. The reported solutions can not give the best trade-off among the privacy protection, control over the data shared and confidentiality. In addition, they can not solve the problems of large computation overhead and dynamic management such as users' revocation. This paper aims at these problems and proposes a decentralized attribute-based data sharing scheme. The proposed scheme ensures the secure sharing of data while removing the central authority and hiding user's identity information. It uses attribute-based signcryption (ABSC) to achieve data confidentiality and authentication. Under this model, attribute-based encryption gives the access policies for users and keeps the data confidentiality, and the attribute-based signature is used for authentication of the primary ciphertext-integrity. It is more efficient than "encrypt and then sign" or "sign and then encrypt". In addition, the proposed scheme enables user's revocation and public verifiability. Under the random oracle model, the security and the unforgeability against adaptive chosen message attack are demonstrated.

Driven by the development of Internet and information technology, cloud computing has been widely recognized and accepted by the public. However, with the occurrence of more and more information leakage, cloud security has also become one of the core problem of cloud computing. As one of the resolve methods of it, ciphertext-policy attribute-based encryption (CP-ABE) by embedding access policy into ciphertext can make data owner to decide which attributes can access ciphertext. It achieves ensuring data confidentiality with realizing fine-grained access control. However, the traditional access policy has some limitations. Compared with other access policies, the circuit-based access policy ABE supports more flexible access control to encrypted data. But there are still many challenges in the existing circuit-based access policy ABE, such as privacy leakage and low efficiency. Motivated by the above, a new circuit-based access policy ABE is proposed. By converting the multi output OR gates in monotonic circuit, the backtracking attacks in circuit access structure is avoided. In order to overcome the low efficiency issued by circuit conversion, outsourcing computing is adopted to Encryption/Decryption algorithms, which makes the computing overhead for data owners and users be decreased and achieve constant level. Security analysis shows that the scheme is secure under the decision bilinear Diffie-Hellman (DBDH) assumption. Numerical results show the proposed scheme has a higher computation efficiency than the other circuit-based schemes.

The Internet of Things (IoT) provides significant benefits for industry due to connect the devices together through the internet. Attribute-Based Encryption (ABE) is a technique can enforce an access control over data to guarantee the data security. In this paper, we propose an ABE scheme for data in industrial IoT. The scheme achieves both security and high performance. When there is a shared subpolicy among the access policies of a sensor, the scheme optimizes the encryption of the messages. Through analysis and simulation, we show that our solution is security and efficient.

Nowadays, many data owners choose to outsource their data to public cloud servers while allowing authorized users to retrieve them. To protect data confidentiality from an untrusted cloud, many studies on searchable encryption (SE) are proposed for privacy-preserving search over encrypted data. However, most of the existing SE schemes only focus on the single-owner model. Users need to search one-by-one among data owners to retrieve relevant results even if data are from the same cloud server, which inevitably incurs unnecessary bandwidth and computation cost to users. Thus, how to enable efficient authorized search over multi-owner datasets remains to be fully explored. In this paper, we propose a new privacy-preserving search scheme for the multi-owner and multi-user model. Our proposed scheme has two main advantages: 1) We achieve an attribute-based keyword search for multi-owner model, where users can only search datasets from specific authorized owners. 2) Each data owner can enforce its own fine-grained access policy for users while an authorized user only needs to generate one trapdoor (i.e., encrypted search keyword) to search over multi-owner encrypted data. Through rigorous security analysis and performance evaluation, we demonstrate that our scheme is secure and feasible.

Attribute-based encryption (ABE) is an access control mechanism where a sender encrypts messages according to an attribute set for multiple receivers. With fine-grained access control, it has been widely applied to cloud storage and file sharing systems. In such a mechanism, it is a challenge to achieve the revocation efficiently on a specific user since different users may share common attributes. Thus, dynamic membership is a critical issue to discuss. On the other hand, most works on LSSS-based ABE do not address the situation about threshold on the access structure, and it lowers the diversity of access policies. This manuscript presents an efficient attribute-based encryption scheme with dynamic membership by using LSSS. The proposed scheme can implement threshold gates in the access structure. Furthermore, it is the first ABE supporting complete dynamic membership that achieves the CCA security in the standard model, i.e. without the assumption of random oracles.

Medical organizations find it challenging to adopt cloud-based Electronic Health Records (EHR) services due to the risk of data breaches and the resulting compromise of patient data. Existing authorization models follow a patient-centric approach for EHR management, where the responsibility of authorizing data access is handled at the patients’ end. This creates significant overhead for the patient, who must authorize every access of their health record. It is also not practical given that multiple personnel are typically involved in providing care and that the patient may not always be in a state to provide this authorization.

Lattice-based Attribute-based encryption is a well-known cryptographic mechanism that can resist quantum attacks and has the ability of fine-grained access control, and it has a wide range of application scenarios in current Internet of Thing (IoT) era. However, lack of efficiency and existing the problem of large ciphertext expansion rate are the main disadvantages impede the applications of this mechanism. Thus, we propose an efficient and practical ciphertext policy attribute-based encryption (CP-ABE) scheme from lattices in the paper. In this scheme, to make the secret key reusable, we adjust access tree and propose a basic access tree structure, which can be converted from disjunctive normal form, and combine it with a light post-quantum scheme of Kyber. In addition, the compression method and plaintext expansion method are introduced to optimize the scheme. Our CP-ABE scheme is secure against chosen plaintext attack under the hardness of module learning with errors problem. We implement our scheme and compare it with three recent related schemes in terms of security, function and communication cost. Experiments and comparisons show that our CP-ABE scheme has advantages in high encryption efficiency, small matrix dimension, small key sizes, and low ciphertext expansion rate, which has some merit in practice.

In the fast growing world using new Cloud computing technology. In the terms of Sensitive Data Access from the remote cloud computing storage with different users using security measures to avoid the unauthorized users. Even though so many uses in the Cloud, it leads to lot of issues such as in the Data Access of the sensitive data and encryption still remain challenging. To overcome with these issues, In this novel paper focus on multiple attribute-based encryption which features the data access in secured way with different users in the Cloud Data. The proposed system enables on secure Data Access by using the MABE scheme.