Biblio

Security is a requirement in society, yet its wide implementation is held back because of high expenses, and barriers to the use of technology. Experimental implementation of security at low cost will only help in promoting the technology at more affordable prices. This paper describes the design of a security system of surveillance using Raspberry Pi and Arduino UNO. The design senses the presence of \$a\$ human in a surveillance area and immediately sets off the buzzer and simultaneously starts capturing video of the motion it had detected and stores it in a folder. When the design senses a motion, it immediately sends an SMS to the user. The user of this design can see the live video of the motion it detects using the internet connection from a remote area. Our objective of making a low-cost surveillance area security system has been mostly fulfilled. Although this is a low-cost project, features can be compared with existing commercially available systems.

A grouping-proof protocol aims to generate an evidence that two or more RFID (Radio Frequency Identification) tags in a group are coexistent, which has been widely deployed in practical scenarios, such as healthcare, supply-chain management, and so on. However, existing grouping-proof protocols have many issues in security and efficiency, either incompatible with EPCglobal Class-1 Generation-2 (C1G2) standard, or vulnerable to different attacks. In this paper, we propose a lightweight grouping-proof protocol which only utilizes bitwise operations (AND, XOR) and 128-bit pseudorandom number generator (PRNG). 2-round interactions between the reader and the tags allow them to cooperate on fast authentication in parallel mode where the reader broadcasts its round messages rather than hang on for the prior tag and then fabricate apposite output for the next tag consecutively. Our design enables the reader to aggregate the first round proofs (to bind the membership of tags in the same group) generated by the tags to an authenticator of constant size (independent of the number of tags) that can then be used by the tags to generate the second round proofs (and that will be validated by the verifier). Formal security (i.e., PPT adversary cannot counterfeit valid grouping-proof that can be accepted by any verifier) of the proposed protocol relies on the hardness of the learning parity with noise (LPN) problem, which can resist against quantum computing attacks. Other appealing features (e.g., robustness, anonymity, etc.) are also inspected. Performance evaluation shows its applicability to C1G2 RFID.

Automatic dependent surveillance-broadcast (ADS- B) records provide an important basis and evidence for future route planning and accountability. However, due to the lack of effective support for the integrity and confidentiality of ADS-B, the air traffic control (ATC) system based on ADS-B faces serious security threats. Once the data is tampered with, it will cause immeasurable losses to society. The ADS-B data is arranged in chronological order, and the order-preserving encryption method allows users to directly search for ciphertexts by time. However, encryption alone does not guarantee the integrity of the data. The attacker can still destroy the integrity of the data by modifying the ciphertext. This paper proposes a secure ADS- B protection scheme that supports queries. We construct a dynamic order-preserving encryption (DOPE) scheme to achieve data confidentiality and sequential search of target data in the ciphertext. In addition, the scheme achieves fast integrity checking by calculating the unique verification label of the entire ciphertext, and supports blockless verification, which means that all data does not need to be transmitted during the audit phase. In the meanwhile, the auditor can verify the integrity of multiple ADS-B documents at once, which improves the computational efficiency of the audit. We analyze the integrity and security of the scheme and proved that DOPE is indistinguishable under an ordered chosen-plaintext attack (IND-OCPA). Furthermore, we conclude through performance analysis that the communication overhead is constant and computation overhead is logarithmic level. The proposed scheme is applicable to all data arranged in order, such as hospital records arranged by date and so on. At the same time, ADS-B can be used for urban vehicle monitoring and is a basic means to realize smart transportation.

Cloud technology is advancing rapidly because of it’s capability to replace the traditional computing techniques. Cloud offers various kinds of services for the user that are being used. In this research paper, storage as a service provided by cloud is examined as the data of the owner is being shared to the cloud so we have to ensure that data integrity is being maintained. In order to have a robust mechanism that offers a secure pathway for sharing data different encryption algorithms have been utilized. We investigate all the suitable algorithms with various combinations because any single algorithm is prone to some kind of attack. Testing of these algorithms is done by analyzing the parameters such as time required for execution, use of computational resources, key management, etc. Finally the best one that stands and fulfill all the criteria in a reasonable manner is selected for the purpose of storage.

Homomorphic Encryption (HE) comes as a sophisticated and powerful cryptography system that can preserve the privacy of data in all cases when the data is at rest or even when data is in processing and computing. All the computations needed by the user or the provider can be done on the encrypted data without any need to decrypt it. However, HE has overheads such as big key sizes and long ciphertexts and as a result long execution time. This paper proposes a novel solution for big data analytic based on clustering and the Elliptical Curve Cryptography (ECC). The Extremely Distributed Clustering technique (EDC) has been used to divide big data into several subsets of cloud computing nodes. Different clustering techniques had been investigated, and it was found that using hybrid techniques can improve the performance and efficiency of big data analytic while at the same time data is protected and privacy is preserved using ECC.

Asymmetric warfare and anti-terrorist war have become a new style of military struggle in the new century, which will inevitably have an important impact on the military economy of various countries and catalyze the innovation climax of military logistics theory and practice. The war in the information age is the confrontation between systems, and “comprehensive integration” is not only the idea of information war ability construction, but also the idea of deterrence ability construction in the information age. Looking at the local wars under the conditions of modern informationization, it is not difficult to see that the status and role of light weapons and equipment have not decreased, on the contrary, higher demands have been put forward for their combat performance. From a forward-looking perspective, based on our army's preparation and logistics support for future asymmetric operations and anti-terrorist military struggle, this strategic issue is discussed in depth.

The accessibility of the internet and mobile platforms has risen dramatically due to digital technology innovations. Web applications have opened up a variety of market possibilities by supplying consumers with a wide variety of digital technologies that benefit from high accessibility and functionality. Around the same time, web application protection continues to be an important challenge on the internet, and security must be taken seriously in order to secure confidential data. The threat is caused by inadequate validation of user input information, software developed without strict adherence to safety standards, vulnerability of reusable software libraries, software weakness, and so on. Through abusing a website's vulnerability, introduers are manipulating the user's information in order to exploit it for their own benefit. Then introduers inject their own malicious code, stealing passwords, manipulating user activities, and infringing on customers' privacy. As a result, information is leaked, applications malfunction, confidential data is accessed, etc. To mitigate the aforementioned issues, stacking ensemble based classifier model for Cross-site scripting (XSS) attack detection is proposed. Furthermore, the stacking ensembles technique is used in combination with different machine learning classification algorithms like k-Means, Random Forest and Decision Tree as base-learners to reliably detect XSS attack. Logistic Regression is used as meta-learner to predict the attack with greater accuracy. The classification algorithms in stacking model explore the problem in their own way and its results are given as input to the meta-learner to make final prediction, thus improving the overall detection accuracy of XSS attack in stacking than the individual models. The simulation findings demonstrate that the proposed model detects XSS attack successfully.

The last couple of years have seen IoT-enabled sensors continuing to experience massive growth. Sensors have enhanced the possibility of large-scale IoT deployments in grid systems, vehicles, homes, and so forth. A network that incorporates different embedded systems has the underlying capability of transmitting information and receiving instructions through distributed sensor networks. Sensors are especially essential in gathering different pieces of information that relate to different IoT devices. However, security has become a critical concern for sensor networks that are enabled by the IoT. This is partly because of their design limitations like limited memory, weak processing capability, weak processing ability, and exposure to entities that are malicious. Even more, some ad hoc wireless sensor networks that are enabled by IoT are to some extent also prone to frequent changes in topology. This dynamic aspect tends to aggravate the security issues that are associated with sensors, thus enhancing the need to find a lasting solution. This paper sheds light on the IoT security requirements with special attention to issues related to sensors.

Connecting anything to the Internet is one of the main objectives of the Internet of Things (IoT). It enabled to access any device from anywhere at any time without any human intervention. There are endless applications of IoT involving controlling home applications to industry. This rapid growth of this technology and innovations of its application results due to improved technology of developing these tiny devices with its back-end software. On the other side, internal resources such as memory, processing power, battery life are the significant constraints of these devices. Introducing lightweight cryptography helped secure data transmission across various devices while protecting these devices from getting attacked for DDoS attack is still a significant concern. This paper primarily focuses on elaborating on DDoS attack and the malware used to initiate a DDoS attack on IoT devices. Further, this paper mainly focuses on providing solutions that would help to prevent DDoS attack from IoT network.

Performance measures commonly used in systems security engineering tend to be static, linear, and have limited utility in addressing challenges to security performance from increasingly complex risk environments, adversary innovation, and disruptive technologies. Leveraging key concepts from resilience science offers an opportunity to advance next-generation systems security engineering to better describe the complexities, dynamism, and nonlinearity observed in security performance—particularly in response to these challenges. This article introduces a multilayer network model and modified Continuous Time Markov Chain model that explicitly captures interdependencies in systems security engineering. The results and insights from a multilayer network model of security for a hypothetical nuclear power plant introduce how network-based metrics can incorporate resilience concepts into performance metrics for next generation systems security engineering.

Scientific computing sometimes involves computation on sensitive data. Depending on the data and the execution environment, the HPC (high-performance computing) user or data provider may require confidentiality and/or integrity guarantees. To study the applicability of hardware-based trusted execution environments (TEEs) to enable secure scientific computing, we deeply analyze the performance impact of general purpose TEEs, AMD SEV, and Intel SGX, for diverse HPC benchmarks including traditional scientific computing, machine learning, graph analytics, and emerging scientific computing workloads. We observe three main findings: 1) SEV requires careful memory placement on large scale NUMA machines (1×-3.4× slowdown without and 1×-1.15× slowdown with NUMA aware placement), 2) virtualization-a prerequisite for SEV- results in performance degradation for workloads with irregular memory accesses and large working sets (1×-4× slowdown compared to native execution for graph applications) and 3) SGX is inappropriate for HPC given its limited secure memory size and inflexible programming model (1.2×-126× slowdown over unsecure execution). Finally, we discuss forthcoming new TEE designs and their potential impact on scientific computing.

Security baseline hardening is a baseline configuration framework aims to improve the robustness of the operating system, lowering the risk and impact of breach incidents. In typical best practice, the security baseline hardening requires to have regular check and follow-up to keep the system in-check, this set of activities are called "Security Baseline Audit". The Security Baseline Audit process is responsible by the IT department. In terms of business, this process consumes a fair number of resources such as man-hour, time, and technical knowledge. In a huge production environment, the resources mentioned can be multiplied by the system's amount in the production environment. This research proposes improving the process with automation while maintaining the quality and security level at the standard. Robot Framework, a useful and flexible opensource automation framework, is being utilized in this research following with a very successful result where the configuration is aligned with CIS (Center for Internet Security) run by the automation process. A tremendous amount of time and process are decreased while the configuration is according to this tool's standard.

Artificial intelligence technology is becoming more active in all areas of our lives day by day. This technology affects our daily life by more developing in areas such as industry 4.0, security and education. Deep reinforcement learning is one of the most developed algorithms in the field of artificial intelligence. In this study, it is aimed that three different robots in a limited area learn to move without hitting each other, fixed obstacles and the boundaries of the field. These robots have been trained using the deep reinforcement learning approach and Proximal policy optimization (PPO) policy. Instead of uses value-based methods with the discrete action space, PPO that can easily manipulate the continuous action field and successfully determine the action of the robots has been proposed. PPO policy achieves successful results in multi-agent problems, especially with the use of the Actor-Critic network. In addition, information is given about environment control and learning approaches for swarm behavior. We propose parameter sharing and behavior-based method for this study. Finally, trained model is recorded and tested in 9 different environments where the obstacles are located differently. With our method, robots can perform their tasks in closed environments in the real world without damaging anyone or anything.

Integrity verification of cloud data is of great importance for secure and effective cloud storage since attackers can change the data even though it is encrypted. Traditional integrity verification schemes only let the client know the integrity status of the remote data. When the data is corrupted, the system cannot hold the server accountable. Besides, almost all existing schemes assume that the users are credible. Instead, especially in a dynamic operation environment, users can deny their behaviors, and let the server bear the penalty of data loss. To address the issues above, we propose an accountable dynamic storage integrity verification (ADS-IV) scheme which provides means to detect or eliminate misbehavior of all participants. In the meanwhile, we modify the Invertible Bloom Filter (IBF) to recover the corrupted data and use the Mahalanobis distance to calculate the degree of damage. We prove that our scheme is secure under Computational Diffie-Hellman (CDH) assumption and Discrete Logarithm (DL) assumption and that the audit process is privacy-preserving. The experimental results demonstrate that the computational complexity of the audit is constant; the storage overhead is \$O(\textbackslashtextbackslashsqrt n )\$, which is only 1/400 of the size of the original data; and the whole communication overhead is O(1).As a result, the proposed scheme is not only suitable for large-scale cloud data storage systems, but also for systems with sensitive data, such as banking systems, medical systems, and so on.

Monitoring and managing electric power generation, distribution and transmission requires supervisory control and data acquisition (SCADA) systems. As technology has developed, these systems have become huge, complicated, and distributed, which makes them susceptible to new risks. In particular, the lack of security in SCADA systems make them a target for network attacks such as denial of service (DoS) and developing solutions for this issue is the main objective of this thesis. By reviewing various existing system solutions for securing SCADA systems, a new security approach is recommended that employs Artificial Intelligence(AI). AI is an innovative approach that imparts learning ability to software. Here deep learning algorithms and machine learning algorithms are used to develop an intrusion detection system (IDS) to combat cyber-attacks. Various methods and algorithms are evaluated to obtain the best results in intrusion detection. The results reveal the Bi-LSTM IDS technique provides the highest intrusion detection (ID) performance compared with previous techniques to secure SCADA systems

This Innovative Practice full paper describes a technical innovation for scalable teaching of cybersecurity hands-on classes using interactive learning environments. Hands-on experience significantly improves the practical skills of learners. However, the preparation and delivery of hands-on classes usually do not scale. Teaching even small groups of students requires a substantial effort to prepare the class environment and practical assignments. Further issues are associated with teaching large classes, providing feedback, and analyzing learning gains. We present our research effort and practical experience in designing and using learning environments that scale up hands-on cybersecurity classes. The environments support virtual networks with full-fledged operating systems and devices that emulate realworld systems. The classes are organized as simultaneous training sessions with cybersecurity assignments and learners' assessment. For big classes, with the goal of developing learners' skills and providing formative assessment, we run the environment locally, either in a computer lab or at learners' own desktops or laptops. For classes that exercise the developed skills and feature summative assessment, we use an on-premises cloud environment. Our approach is unique in supporting both types of deployment. The environment is described as code using open and standard formats, defining individual hosts and their networking, configuration of the hosts, and tasks that the students have to solve. The environment can be repeatedly created for different classes on a massive scale or for each student on-demand. Moreover, the approach enables learning analytics and educational data mining of learners' interactions with the environment. These analyses inform the instructor about the student's progress during the class and enable the learner to reflect on a finished training. Thanks to this, we can improve the student class experience and motivation for further learning. Using the presented environments KYPO Cyber Range Platform and Cyber Sandbox Creator, we delivered the classes on-site or remotely for various target groups of learners (K-12, university students, and professional learners). The learners value the realistic nature of the environments that enable exercising theoretical concepts and tools. The instructors value time-efficiency when preparing and deploying the hands-on activities. Engineering and computing educators can freely use our software, which we have released under an open-source license. We also provide detailed documentation and exemplary hands-on training to help other educators adopt our teaching innovations and enable sharing of reusable components within the community.

The EU goal of achieving carbon neutrality by 2050 will require profound changes in the electricity supply chain. In this context, Distribution System Operators (DSOs) are expected to adopt solutions to efficiently integrate distributed energy resources (DER), including the implementation of local flexibility mechanisms. Thus, DSOs would procure services from DER like distributed generation, demand response, or storage to support grid expansion, attain significant cost savings, and swifter DER integration. However, the use of flexibility mechanisms still faces barriers posed by national regulation. Regulatory sandboxes may be used to overcome this gap by enabling and supporting the development of local flexibility mechanisms. This paper performs an international review of four leading countries in the use of sandbox and flexibility, identifies best practices, and, based on the lessons learned, provides recommendations to implement local flexibility mechanisms for DSOs in Spain under regulatory sandboxes

This paper builds an Augmented Reality Sandbox (AR Sandbox) system based on augmented reality technology, and performs a 3D reconstruction for the sandbox terrain using the depth sensor Microsoft Kinect in the AR Sandbox, as an entry point to pave the way for later development of related metaverse applications, such as the metaverse architecting and visual interactive modeling. The innovation of this paper is that for the AR Sandbox scene, a 3D reconstruction method based on depth sensor is proposed, which can automatically cut off the edge of the sandbox table in Kinect field of view, and accurately and completely reconstruct the sandbox terrain in Matlab.

Zero- Knowledge Proof is a cryptographic protocol exercised to render privacy and data security by securing the identity of users and using services anonymously. It finds numerous applications; authentication is one of them. A Zero-Knowledge Proof-based authentication system is discussed in this paper. Advanced Encryption Standard (AES) and Secure Remote Password (SRP) protocol have been used to design and build the ZKP based authentication system. SRP is a broadly used Password Authenticated Key Exchange (PAKE) protocol. The proposed method overcomes several drawbacks of traditional and commonly used authentication systems such as a simple username and plaintext password-based system, multi-factor authentication system and others.

For the intra-pulse modulation classification of radar signal, traditional deep learning algorithms have poor recognition performance without numerous training samples. Meanwhile, the receiver may intercept few pulse radar signals in the real scenes of electronic reconnaissance. To solve this problem, a structure which is made up of signal pretreatment by Smooth Pseudo Wigner-Ville (SPWVD) analysis algorithm, convolution neural network (CNN) and relation network (RN) is proposed in this study. The experimental results show that its classification accuracy is 94.24% under 20 samples per class training and the signal-to-noise ratio (SNR) is -4dB. Moreover, it can classify the novel types without further updating the network.

Modern Intelligent Transport Systems (ITSs) are comprehensive applications that have to cope with a multitude of challenges while meeting strict service and security standards. A novel data-centric middleware that provides the foundation of such systems is presented in this paper. This middleware is designed for high scalability, fast data processing and multimodality. To achieve these goals, an innovative spatial annotation (SpatiaIJSON) is utilised. SpatialJSON allows the representation of geometry, topology and traffic information in one dataset. Data processing is designed in such a manner that any schema or ontology can be used to express information. Further, common concerns of ITSs are addressed, such as authenticity of messages. The core task, however, is to ensure a quick exchange of evaluated information between the individual traffic participants.

In these days, malware attacks target different kinds of devices as IoT, mobiles, servers even the cloud. It causes several hardware damages and financial losses especially for big companies. Malware attacks represent a serious issue to cybersecurity specialists. In this paper, we propose a new approach to detect unknown malware families based on machine learning classification and visualization technique. A malware binary is converted to grayscale image, then for each image a GIST descriptor is used as input to the machine learning model. For the malware classification part we use 3 machine learning algorithms. These classifiers are so efficient where the highest precision reach 98%. Once we train, test and evaluate models we move to simulate 2 new malware families. We do not expect a good prediction since the model did not know the family; however our goal is to analyze the behavior of our classifiers in the case of new family. Finally, we propose an approach using a filter to know either the classification is normal or it's a zero-day malware.

Malware classification helps to understand its purpose and is also an important part of attack detection. And it is also an important part of discovering attacks. Due to continuous innovation and development of artificial intelligence, it is a trend to combine deep learning with malware classification. In this paper, we propose an improved malware image rescaling algorithm (IMIR) based on local mean algorithm. Its main goal of IMIR is to reduce the loss of information from samples during the process of converting binary files to image files. Therefore, we construct a neural network structure based on VGG model, which is suitable for image classification. In the real world, a mass of malware family labels are inaccurate or lacking. To deal with this situation, we propose a novel method to train the deep neural network by Semi-supervised Generative Adversarial Network (SGAN), which only needs a small amount of malware that have accurate labels about families. By integrating SGAN with weak coupling, we can retain the weak links of supervised part and unsupervised part of SGAN. It improves the accuracy of malware classification by making classifiers more independent of discriminators. The results of experimental demonstrate that our model achieves exhibiting favorable performance. The recalls of each family in our data set are all higher than 93.75%.

Some of the recent reports show that Power Grid is a target of attack and gradually the need for understanding the security of Grid network is getting a prime focus. The Department of Homeland Security has imposed focus on Cyber Threats on Power Grid in their "Cyber Security Strategy,2018" [1] . DHS has focused on innovations to manage risk attacks on Power System based national resources. Power Grid is a cyber physical system which consists of power flow and data transmission. The important part of a microgrid is the two-way power flow which makes the system complex on monitoring and control. In this paper, we have tried to study different types of attacks which change the data propagation of Synchrophasor, network communication interruption behavior and find the data propagation scenario due to attack. The focus of the paper is to develop a platform for Synchrophasor based data network attack study which is a part of Microgrid design. Different types of intrusion models were studied to observe change in Synchrophasor data pattern which will help for further prediction to improve Microgrid resiliency for different types of cyber-attack.

Aiming at the fact that the existing feature quantities cannot well identify the magnetizing inrush current during remanence and bias and the huge number of feature quantities, a new identification method using empirical mode decomposition energy index and artificial intelligence algorithm is proposed in 'this paper. Decomposition and denoising are realized through empirical mode decomposition, and then the corresponding energy index is obtained for the waveform of each inherent modal component and simplified by the mean impact value method. Finally, the accuracy of prediction using artificial intelligence algorithm is close to 100%. This reflects the practicality of the method proposed in 'this article.