Biblio

As the voucher for identity, digital certificates and the public key infrastructure (PKI) system have always played a vital role to provide the authentication services. In recent years, with the increase in attacks on traditional centralized PKIs and the extensive deployment of blockchains, researchers have tried to establish blockchain-based secure decentralized PKIs and have made significant progress. Although blockchain enhances security, it brings new problems in scalability due to the inherent limitations of blockchain’s data structure and consensus mechanism, which become much severe for the massive access in the era of 5G and B5G. In this paper, we propose ScalaCert to mitigate the scalability problems of blockchain-based PKIs by utilizing redactable blockchain for "on-cert" revocation. Specifically, we utilize the redactable blockchain to record revocation information directly on the original certificate ("on-cert") and remove additional data structures such as CRL, significantly reducing storage overhead. Moreover, the combination of redactable and consortium blockchains brings a new kind of attack called deception of versions (DoV) attack. To defend against it, we design a random-block-node-check (RBNC) based freshness check mechanism. Security and performance analyses show that ScalaCert has sufficient security and effectively solves the scalability problem of the blockchain-based PKI system.

With the growing number of IoT applications and devices, IoT security breaches are a dangerous reality. Cost pressure and complexity of security tests for embedded systems and networked infrastructure are often the excuse for skipping them completely. In our paper we introduce SecLab security test lab to overcome that problem. Based on a flexible and lightweight architecture, SecLab allows developers and IoT security specialists to harden their systems with a low entry hurdle. The open architecture supports the reuse of existing external security test libraries and scalability for the assessment of complex IoT Systems. A reference implementation of security tests in a realistic IoT application scenario proves the approach.

A formal modeling language MCD for concurrent systems is proposed, and its syntax, semantics and formal definitions are given. MCD uses modules as basic components, and that the detection rules are not perfect, resulting in packets that do not belong to intrusion attacks being misjudged as attacks, respectively. Then the data detection algorithm based on MCD concurrency model protects hidden computer viruses and security threats, and the efficiency is increased by 7.5% Finally, the computer network security protection system is researched based on security modeling.

The Internet of Things (IoT) is advancing technology by creating smart surroundings that make it easier for humans to do their work. This technological advancement not only improves human life and expands economic opportunities, but also allows intruders or attackers to discover and exploit numerous methods in order to circumvent the security of IoT networks. Hence, security and privacy are the key concerns to the IoT networks. It is vital to protect computer and IoT networks from many sorts of anomalies and attacks. Traditional intrusion detection systems (IDS) collect and employ large amounts of data with irrelevant and inappropriate attributes to train machine learning models, resulting in long detection times and a high rate of misclassification. This research presents an advance approach for the design of IDS for IoT networks based on the Particle Swarm Optimization Algorithm (PSO) for feature selection and the Extreme Gradient Boosting (XGB) model for PSO fitness function. The classifier utilized in the intrusion detection process is Random Forest (RF). The IoTID20 is being utilized to evaluate the efficacy and robustness of our suggested strategy. The proposed system attains the following level of accuracy on the IoTID20 dataset for different levels of classification: Binary classification 98 %, multiclass classification 83 %. The results indicate that the proposed framework effectively detects cyber threats and improves the security of IoT networks.

Recently, unmanned aerial vehicle (UAV) swarm has been advocated to provide diverse data-centric services including data relay, content caching and computing task offloading in vehicular networks due to their flexibility and conveniences. Since only offloading computing tasks to edge computing devices (ECDs) can not meet the real-time demand of vehicles in peak traffic flow, this paper proposes to combine edge computing and UAV swarm for cooperative task offloading in vehicular networks. Specifically, we first design a cooperative task offloading framework that vehicles' computing tasks can be executed locally, offloaded to UAV swarm, or offloaded to ECDs. Then, the selection of offloading strategy is formulated as a mixed integer nonlinear programming problem, the object of which is to maximize the utility of the vehicle. To solve the problem, we further decompose the original problem into two subproblems: minimizing the completion time when offloading to UAV swarm and optimizing the computing resources when offloading to ECD. For offloading to UAV swarm, the computing task will be split into multiple subtasks that are offloaded to different UAVs simultaneously for parallel computing. A Q-learning based iterative algorithm is proposed to minimize the computing task's completion time by equalizing the completion time of its subtasks assigned to each UAV. For offloading to ECDs, a gradient descent algorithm is used to optimally allocate computing resources for offloaded tasks. Extensive simulations are lastly conducted to demonstrate that the proposed scheme can significantly improve the utility of vehicles compared with conventional schemes.

Classification problems have been part of numerous real-life applications in fields of security, medicine, agriculture, and more. Due to the wide range of applications, there is a constant need for more accurate and efficient methods. Besides more efficient and better classification algorithms, the optimal feature set is a significant factor for better classification accuracy. In general, more features can better describe instances, but besides showing differences between instances of different classes, it can also capture many similarities that lead to wrong classification. Determining the optimal feature set can be considered a hard optimization problem for which different metaheuristics, like swarm intelligence algorithms can be used. In this paper, we propose an adaptation of hybridized swarm intelligence (SI) algorithm for feature selection problem. To test the quality of the proposed method, classification was done by k-means algorithm and it was tested on 17 benchmark datasets from the UCI repository. The results are compared to similar approaches from the literature where SI algorithms were used for feature selection, which proves the quality of the proposed hybridized SI method. The proposed method achieved better classification accuracy for 16 datasets. Higher classification accuracy was achieved while simultaneously reducing the number of used features.

As a core problem of multi-agent systems, multiagent pathfinding has an important impact on the efficiency of multi-agent systems. Because of this, many novel multi-agent pathfinding methods have been proposed over the years. However, these methods have focused on different agents with different goals for research, and less research has been done on scenarios where different agents have the same goal. We propose a multiagent pathfinding method incorporating a multi-objective gray wolf optimization algorithm to solve the multi-agent pathfinding problem with the same objective. First, constrained optimization modeling is performed to obtain objective functions about agent wholeness and security. Then, the multi-objective gray wolf optimization algorithm is improved for solving the constrained optimization problem and further optimized for scenarios with insufficient computational resources. To verify the effectiveness of the multi-objective gray wolf optimization algorithm, we conduct experiments in a series of simulation environments and compare the improved multi-objective grey wolf optimization algorithm with some classical swarm intelligence optimization algorithms. The results show that the multi-agent pathfinding method incorporating the multi-objective gray wolf optimization algorithm is more efficient in handling multi-agent pathfinding problems with the same objective.

Swarm robotics is a network based multi-device system designed to achieve shared objectives in a synchronized way. This system is widely used in industries like farming, manufacturing, and defense applications. In recent implementations, swarm robotics is integrated with Blockchain based networks to enhance communication, security, and decentralized decision-making capabilities. As most of the current blockchain applications are based on complex consensus algorithms, every individual robot in the swarm network requires high computing power to run these complex algorithms. Thus, it is a challenging task to achieve consensus between the robots in the network. This paper will discuss the details of designing an effective consensus algorithm that meets the requirements of swarm robotics network.

Physical layer security is an emerging security area to tackle wireless security communications issues and complement conventional encryption-based techniques. Thus, we propose a novel scheme based on swarm intelligence optimization technique and a deep neural network (DNN) for maximizing the secrecy energy efficiency (SEE) in a cooperative relaying underlay cognitive radio- and non-orthogonal multiple access (NOMA) system with a non-linear energy harvesting user which is exposed to multiple eavesdroppers. Satisfactorily, simulation results show that the proposed particle swarm optimization (PSO)-DNN framework achieves close performance to that of the optimal solutions, with a meaningful reduction in computation complexity.

Advanced metamorphic malware and ransomware use techniques like obfuscation to alter their internal structure with every attack. Therefore, any signature extracted from such attack, and used to bolster endpoint defense, cannot avert subsequent attacks. Therefore, if even a single such malware intrudes even a single device of an IoT network, it will continue to infect the entire network. Scenarios where an entire network is targeted by a coordinated swarm of such malware is not beyond imagination. Therefore, the IoT era also requires Industry-4.0 grade AI-based solutions against such advanced attacks. But AI-based solutions need a large repository of data extracted from similar attacks to learn robust representations. Whereas, developing a metamorphic malware is a very complex task and requires extreme human ingenuity. Hence, there does not exist abundant metamorphic malware to train AI-based defensive solutions. Also, there is currently no system that could generate enough functionality preserving metamorphic variants of multiple malware to train AI-based defensive systems. Therefore, to this end, we design and develop a novel system, named X-Swarm. X-Swarm uses deep policy-based adversarial reinforcement learning to generate swarm of metamorphic instances of any malware by obfuscating them at the opcode level and ensuring that they could evade even capable, adversarial-attack immune endpoint defense systems.

The rapid growth of number of devices that are connected to internet of things (IoT) networks, increases the severity of security problems that need to be solved in order to provide safe environment for network data exchange. The discovery of new vulnerabilities is everyday challenge for security experts and many novel methods for detection and prevention of intrusions are being developed for dealing with this issue. To overcome these shortcomings, artificial intelligence (AI) can be used in development of advanced intrusion detection systems (IDS). This allows such system to adapt to emerging threats, react in real-time and adjust its behavior based on previous experiences. On the other hand, the traffic classification task becomes more difficult because of the large amount of data generated by network systems and high processing demands. For this reason, feature selection (FS) process is applied to reduce data complexity by removing less relevant data for the active classification task and therefore improving algorithm's accuracy. In this work, hybrid version of recently proposed sand cat swarm optimizer algorithm is proposed for feature selection with the goal of increasing performance of extreme learning machine classifier. The performance improvements are demonstrated by validating the proposed method on two well-known datasets - UNSW-NB15 and CICIDS-2017, and comparing the results with those reported for other cutting-edge algorithms that are dealing with the same problems and work in a similar configuration.

The development of new types of technology actualizes the issues of ensuring their information security. The aim of the work is to increase the security of the collective decision-making process in swarm robotic systems from negative impacts by identifying malicious robots. It is proposed to use confidence in choosing an alternative when reaching a consensus as a criterion for identifying malicious robots - a malicious robot, having a special behavior strategy, does not fully take into account the signs of the external environment and information from other robots, which means that such a robot will change its mind with characteristic features for each malicious strategy, and its degree of confidence will be different from the usual voting robot. The modeling performed and the obtained experimental data on three types of malicious behavioral strategies demonstrate the possibility of using the degree of confidence to identify malicious robots. The advantages of the approach are taking into account a large number of alternatives and universality, which lies in the fact that the method is based on the mechanisms of collective decision-making, which proceed in the same way on various hardware platforms of swarm robotic systems. The proposed method can serve as a basis for the development of more complex security mechanisms in swarm robotic systems.

The Open Web Application Security Project (OWASP) (a non-profit foundation that works to improve computer security) considered, in 2021, injection as one of the biggest risks in web applications. SQL injection despite being a vulnerability easily avoided has a great insurgency in web applications, and its impact is quite nefarious. To identify and exploit vulnerabilities in a system, algorithms based on Swarm Intelligence (SI) can be used. This article proposes and describes a new approach that uses SI and attack vectors to identify Structured Query Language (SQL) Injection vulnerabilities. The results obtained show the efficiency of the proposed approach.

Due to the rise of the internet a business model known as online advertising has seen unprecedented success. However, it has also become a prime method through which criminals can scam people. Often times even legitimate websites contain advertisements that are linked to scam websites since they are not verified by the website’s owners. Scammers have become quite creative with their attacks, using various unorthodox and inconspicuous methods such as I-frames, Favicons, Proxy servers, Domains, etc. Many modern Anti-viruses are paid services and hence not a feasible option for most users in 3rd world countries. Often people don’t possess devices that have enough RAM to even run such software efficiently leaving them without any options. This project aims to create a Browser extension that will be able to distinguish between safe and unsafe websites by utilizing Machine Learning algorithms. This system is lightweight and free thus fulfilling the needs of most people looking for a cheap and reliable security solution and allowing people to surf the internet easily and safely. The system will scan all the intermittent URL clicks as well, not just the main website thus providing an even greater degree of security.

A rendering regression is a bug introduced by a web browser where a web page no longer functions as users expect. Such rendering bugs critically harm the usability of web browsers as well as web applications. The unique aspect of rendering bugs is that they affect the presented visual appearance of web pages, but those web pages have no pre-defined correct appearance. Therefore, it is challenging to automatically detect errors in their appearance. In practice, web browser vendors rely on non-trivial and time-prohibitive manual analysis to detect and handle rendering regressions. This paper proposes R2Z2, an automated tool to find rendering regressions. R2Z2 uses the differential fuzz testing approach, which repeatedly compares the rendering results of two different versions of a browser while providing the same HTML as input. If the rendering results are different, R2Z2 further performs cross browser compatibility testing to check if the rendering difference is indeed a rendering regression. After identifying a rendering regression, R2Z2 will perform an in-depth analysis to aid in fixing the regression. Specifically, R2Z2 performs a delta-debugging-like analysis to pinpoint the exact browser source code commit causing the regression, as well as inspecting the rendering pipeline stages to pinpoint which pipeline stage is responsible. We implemented a prototype of R2Z2 particularly targeting the Chrome browser. So far, R2Z2 found 11 previously undiscovered rendering regressions in Chrome, all of which were confirmed by the Chrome developers. Importantly, in each case, R2Z2 correctly reported the culprit commit. Moreover, R2Z2 correctly pin-pointed the culprit rendering pipeline stage in all but one case.

Nowadays, the number of new websites in Thailand has been increasing every year. However, there is a lack of security on some of those websites which causes negative effects and damage. This has also resulted in numerous violations. As a result, these violations cause delays in the situation analysis. Additionally, the cost of effective and well-established digital forensics tools is still expensive. Therefore, this paper has presented the idea of using freeware digital forensics tools to test their performances and compare them with the standards of the digital forensics process. The results of the paper suggest that the tested tools have significant differences in functions and process. WEFA Web Forensics tool is the most effective tool as it supports 3 standards up to 8 out of 10 processes, followed by Browser History View which supports 7 processes, Browser History Spy and Browser Forensic Web Tool respectively, supports 5 processes. The Internet history Browser supports 4 processes as compared to the basic process of the standardization related to forensics.

Today, many internet-based applications, especially e-commerce and banking applications, require the transfer of personal data and sensitive data such as credit card information, and in this process, all operations are carried out over the Internet. Users frequently perform these transactions, which require high security, on web sites they access via web browsers. This makes the browser one of the most basic software on the Internet. The security of the communication between the user and the website is provided with SSL certificates, which is used for server authentication. Certificates issued by Certificate Authorities (CA) that have passed international audits must meet certain conditions. The criteria for the issuance of certificates are defined in the Baseline Requirements (BR) document published by the Certificate Authority/Browser (CA/B) Forum, which is accepted as the authority in the WEB Public Key Infrastructure (WEB PKI) ecosystem. Issuing the certificates in accordance with the defined criteria is not sufficient on its own to establish a secure SSL connection. In order to ensure a secure connection and confirm the identity of the website, the certificate validation task falls to the web browsers with which users interact the most. In this study, a comprehensive SSL certificate public key infrastructure (SSL Test Suite) was established to test the behavior of web browsers against certificates that do not comply with BR requirements. With the designed test suite, it is aimed to analyze the certificate validation behaviors of web browsers effectively.

Modern web applications are getting more sophisticated by using frameworks that make development easy, but pose challenges for security analysis tools. New analysis techniques are needed to handle such frameworks that grow in number and popularity. In this paper, we describe Gelato that addresses the most crucial challenges for a security-aware client-side analysis of highly dynamic web applications. In particular, we use a feedback-driven and state-aware crawler that is able to analyze complex framework-based applications automatically, and is guided to maximize coverage of security-sensitive parts of the program. Moreover, we propose a new lightweight client-side taint analysis that outperforms the state-of-the-art tools, requires no modification to browsers, and reports non-trivial taint flows on modern JavaScript applications. Gelato reports vulnerabilities with higher accuracy than existing tools and achieves significantly better coverage on 12 applications of which three are used in production.

We performed a large-scale online survey (n=1,880) to study the padlock icon, an established security indicator in web browsers that denotes connection security through HTTPS. In this paper, we evaluate users’ understanding of the padlock icon, and how removing or replacing it might influence their expectations and decisions. We found that the majority of respondents (89%) had misconceptions about the padlock’s meaning. While only a minority (23%-44%) referred to the padlock icon at all when asked to evaluate trustworthiness, these padlock-aware users reported that they would be deterred from a hypothetical shopping transaction when the padlock icon was absent. These users were reassured after seeing secondary UI surfaces (i.e., Chrome Page Info) where more verbose information about connection security was present.We conclude that the padlock icon, displayed by browsers in the address bar, is still misunderstood by many users. The padlock icon guarantees connection security, but is often perceived to indicate the general privacy, security, and trustworthiness of a website. We argue that communicating connection security precisely and clearly is likely to be more effective through secondary UI, where there is more surface area for content. We hope that this paper boosts the discussion about the benefits and drawbacks of showing passive security indicators in the browser UI.

Payment is an essential part of e-commerce. Merchants usually rely on third-parties, so-called payment processors, who take care of transferring the payment from the customer to the merchant. How a payment processor interacts with the customer and the merchant varies a lot. Each payment processor typically invents its own protocol that has to be integrated into the merchant’s application and provides the user with a new, potentially unknown and confusing user experience.Pushed by major companies, including Apple, Google, Master-card, and Visa, the W3C is currently developing a new set of standards to unify the online checkout process and “streamline the user’s payment experience”. The main idea is to integrate payment as a native functionality into web browsers, referred to as the Web Payment APIs. While this new checkout process will indeed be simple and convenient from an end-user perspective, the technical realization requires rather significant changes to browsers.Many major browsers, such as Chrome, Firefox, Edge, Safari, and Opera, already implement these new standards, and many payment processors, such as Google Pay, Apple Pay, or Stripe, support the use of Web Payment APIs for payments. The ecosystem is constantly growing, meaning that the Web Payment APIs will likely be used by millions of people worldwide.So far, there has been no in-depth security analysis of these new standards. In this paper, we present the first such analysis of the Web Payment APIs standards, a rigorous formal analysis. It is based on the Web Infrastructure Model (WIM), the most comprehensive model of the web infrastructure to date, which, among others, we extend to integrate the new payment functionality into the generic browser model.Our analysis reveals two new critical vulnerabilities that allow a malicious merchant to over-charge an unsuspecting customer. We have verified our attacks using the Chrome implementation and reported these problems to the W3C as well as the Chrome developers, who have acknowledged these problems. Moreover, we propose fixes to the standard, which by now have been adopted by the W3C and Chrome, and prove that the fixed Web Payment APIs indeed satisfy strong security properties.

To keep up with the continuous modernization of web applications and to facilitate their development, a large number of new features are introduced to the web platform every year. Although new web features typically undergo a security review, issues affecting the privacy and security of users could still surface at a later stage, requiring the deprecation and removal of affected APIs. Furthermore, as the web evolves, so do the expectations in terms of security and privacy, and legacy features might need to be replaced with improved alternatives. Currently, this process of deprecating and removing features is an ad-hoc effort that is largely uncoordinated between the different browser vendors. This causes a discrepancy in terms of compatibility and could eventually lead to the deterrence of the removal of an API, prolonging potential security threats. In this paper we propose a progressive security mechanism that aims to facilitate and standardize the deprecation and removal of features that pose a risk to users’ security, and the introduction of features that aim to provide additional security guarantees.

The popularity of portable web browsers is increasing due to its convenient and compact nature along with the benefit of the data being stored and transferred easily using a USB drive. As technology gets updated frequently, developers are working on web browsers that can be portable in nature with additional security features like private mode browsing, built in ad blockers etc. The increased probability of using portable web browsers for carrying out nefarious activities is a result of cybercriminals with the thought that if they use portable web browsers in private mode it won't leave a digital footprint. Hence, the research paper aims at performing a comparative study of four portable web browsers namely Brave, TOR, Vivaldi, and Maxthon along with various memory acquisition tools to understand the quantity and quality of the data that can be recovered from the memory dump in two different conditions that is when the browser tabs were open and when the browser tabs were closed in a system to aid the forensic investigators.

Web browsers are among the most important but also complex software solutions to access the web. It is therefore not surprising that web browsers are an attractive target for attackers. Especially in the last decade, security researchers and browser vendors have developed sandboxing mechanisms like security-relevant HTTP headers to tackle the problem of getting a more secure browser. Although the security community is aware of the importance of security-relevant HTTP headers, legacy applications and individual requests from different parties have led to possible insecure configurations of these headers. Even if specific security headers are configured correctly, conflicts in their functionalities may lead to unforeseen browser behaviors and vulnerabilities. Recently, the first work which analyzed duplicated headers and conflicts in headers was published by Calzavara et al. at USENIX Security [1]. The authors focused on inconsistent protections by using both, the HTTP header X-Frame-Options and the framing protection of the Content-Security-Policy.We extend their work by analyzing browser behaviors when parsing duplicated headers, conflicting directives, and values that do not conform to the defined ABNF metalanguage specification. We created an open-source testbed running over 19,800 test cases, at which nearly 300 test cases are executed in the set of 66 different browsers. Our work shows that browsers conform to the specification and behave securely. However, all tested browsers behave differently when it comes, for example, to parsing the Strict-Transport-Security header. Moreover, Chrome, Safari, and Firefox behave differently if the header contains a character, which is not allowed by the defined ABNF. This results in the protection mechanism being fully enforced, partially enforced, or not enforced and thus completely bypassable.

Permanent magnet synchronous motors (PMSM) are widely used in the shafts of industrial robots. The quality consistency of PMSM, derived from both the wide range of operating temperature and inherent uncertainties, significantly influences the application of the PMSM. In this paper, the mechanism of temperature influence on the PMSM is analyzed with the aid of the digital model, and the quantitative relationship between the main PMSM feature, the cogging torque, and the temperature is revealed. Then, the NdFeB remanence in different temperature levels was measured to obtain its temperature coefficient. The finite element method is used to simulate PMSM. The qualitative and quantitative conclusions of cogging torque drop when the temperature rises are verified by experiments. The magnetic performance data of the magnetic tiles of 50 motors were randomly sampled and the cogging torque simulation was carried out under the fixed ambient temperature. The results show that the dispersion significantly increases the stray harmonic components of the cogging torque.

A new methodology to calculate the hysteresis induced power loss of inductor from the measured waveforms of DC-to-DC converter during the voltage conversion is presented. From this study, we find that the duty cycles (D) of the buck and boost converters used till date for inductance current calculation are not exactly equal to VOUT/VIN and 1-VIN/VOUT as the inductance change induced by the hysteresis effect cannot be neglected. Although the increase in the loading currents of the converter increases the remanence magnetization of inductor at the turn-off time (toff), this remanence magnetization is destroyed by the turbulence induced vortex current at the transistor turn-on transient. So, the core power loss of inductor increases with the loading current of the converter and becomes much larger than other power losses and cannot be neglected for the power efficiency calculation during power stage design.