Biblio
Filters: Keyword is security scalability
Research on system construction under the operation mode of power grid cloud security management platform. 2022 IEEE 2nd International Conference on Data Science and Computer Application (ICDSCA). :981–984.
2022. A unified cloud management platform is the key to efficient and secure management of cloud computing resources. To improve the operation effect of the power cloud service platform, power companies can use the micro-service architecture technology to carry out data processing, information integration, and innovative functional architecture of the power cloud service platform, realize the optimal design of the power cloud service platform and improve the power cloud service platform-security service quality. According to the technical requirements of the power cloud security management platform, this paper designs the technical architecture of the power unified cloud security management platform and expounds on the functional characteristics of the cloud security management platform to verify the feasibility and effectiveness of the cloud security management platform.
Towards a Security Stress-Test for Cloud Configurations. 2022 IEEE 15th International Conference on Cloud Computing (CLOUD). :191–196.
2022. Securing cloud configurations is an elusive task, which is left up to system administrators who have to base their decisions on "trial and error" experimentations or by observing good practices (e.g., CIS Benchmarks). We propose a knowledge, AND/OR, graphs approach to model cloud deployment security objects and vulnerabilities. In this way, we can capture relationships between configurations, permissions (e.g., CAP_SYS_ADMIN), and security profiles (e.g., AppArmor and SecComp). Such an approach allows us to suggest alternative and safer configurations, support administrators in the study of what-if scenarios, and scale the analysis to large scale deployments. We present an initial validation and illustrate the approach with three real vulnerabilities from known sources.
A Scalable Single-Input-Multiple-Output DC/DC Converter with Enhanced Load Transient Response and Security for Low-Power SoCs. 2022 IEEE International Symposium on Circuits and Systems (ISCAS). :1497–1501.
2022. This paper presents a scalable single-input-multiple-output DC/DC converter targeting load transient response and security improvement for low-power System-on-Chips (SoCs). A two-stage modular architecture is introduced to enable scalability. The shared switched-capacitor pre-charging circuits are implemented to improve load transient response and decouple correlations between inputs and outputs. The demo version of the converter has three identical outputs, each supporting 0.3V to 0.9V with a maximum load current of 150mA. Based on post-layout simulation results in 32nm CMOS process, the converter output provides 19.3V/μs reference tracking speed and 27mA/ns workload transitions with negligible voltage droops or spikes. No cross regulation is observed at any outputs with a worst-case voltage ripple of 68mV. Peak efficiency reaches 85.5% for each output. With variable delays added externally, the input-output correlations can change 10 times and for steady-state operation, such correlation factors are always kept below 0.05. The converter is also scaled to support 6 outputs with only 0.56mm² more area and maintains same load transient response performance.
Redactable Blockchain Using Lattice-based Chameleon Hash Function. 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS). :94–98.
2022. Blockchain as a tamper-proof, non-modifiable and traceable distributed ledger technology has received extensive attention. Although blockchain's immutability provides security guarantee, it prevents the development of new blockchain technology. As we think, there are several arguments to prefer a controlled modifiable blockchain, from the possibility to cancel the transaction and necessity to remove the illicit or harmful documents, to the ability to support the scalability of blockchain. Meanwhile, the rapid development of quantum technology has made the establishment of post-quantum cryptosystems an urgent need. In this paper, we put forward the first lattice-based redactable consortium blockchain scheme that makes it possible to rewrite or repeal the content of any blocks. Our approach uses a consensus-based election and lattice-based chameleon hash function (Cash and Hofheinz etc. EUROCRYPT 2010). With knowledge of secret trapdoor, the participant could find the hash collisions efficiently. And each member of the consortium blockchain has the right to edit the history.
On the Performance and Scalability of Simulators for Improving Security and Safety of Smart Cities. 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA). :1–8.
2022. Simulations have gained paramount importance in terms of software development for wireless sensor networks and have been a vital focus of the scientific community in this decade to provide efficient, secure, and safe communication in smart cities. Network Simulators are widely used for the development of safe and secure communication architectures in smart city. Therefore, in this technical survey report, we have conducted experimental comparisons among ten different simulation environments that can be used to simulate smart-city operations. We comprehensively analyze and compare simulators COOJA, NS-2 with framework Mannasim, NS-3, OMNeT++ with framework Castalia, WSNet, TOSSIM, J-Sim, GloMoSim, SENSE, and Avrora. These simulators have been run eight times each and comparison among them is critically scrutinized. The main objective behind this research paper is to assist developers and researchers in selecting the appropriate simulator against the scenario to provide safe and secure wired and wireless networks. In addition, we have discussed the supportive simulation environments, functions, and operating modes, wireless channel models, energy consumption models, physical, MAC, and network-layer protocols in detail. The selection of these simulation frameworks is based on features, literature, and important characteristics. Lastly, we conclude our work by providing a detailed comparison and describing the pros and cons of each simulator.
Security Automation using Traffic Flow Modeling. 2022 IEEE 8th International Conference on Network Softwarization (NetSoft). :486–491.
2022. The growing trend towards network “softwarization” allows the creation and deployment of even complex network environments in a few minutes or seconds, rather than days or weeks as required by traditional methods. This revolutionary approach made it necessary to seek automatic processes to solve network security problems. One of the main issues in the automation of network security concerns the proper and efficient modeling of network traffic. In this paper, we describe two optimized Traffic Flows representation models, called Atomic Flows and Maximal Flows. In addition to the description, we have validated and evaluated the proposed models to solve two key network security problems - security verification and automatic configuration - showing the advantages and limitations of each solution.
Experimental Analysis of the Performance and Scalability of Network Time Security for the Network Time Protocol. 2022 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS). :1–7.
2022. Network Time Security (NTS) standardizes mechanisms that allow clients to authenticate timing information received via Network Time Protocol (NTP). NTS includes a new key establishment protocol, NTS-KE, and extension fields for NTPv4 which, when utilized together, allow clients to authenticate messages from time servers. Utilizing an open source implementation of each, we determine the existence and severity of any performance or scalability impact introduced by NTS when compared to NTP. We found that conducting individual authenticated time transfer takes approximately 116% longer when utilizing NTS over NTP. Additionally, we found that NTS-KE can only support approximately 2000 requests per second before a substantial and consistent increase in turnaround time is observed.
A Scalable Integrated DC/DC Converter with Enhanced Load Transient Response and Security for Emerging SoC Applications. 2022 IEEE 65th International Midwest Symposium on Circuits and Systems (MWSCAS). :1–4.
2022. In this paper we propose a novel integrated DC/DC converter featuring a single-input-multiple-output architecture for emerging System-on-Chip applications to improve load transient response and power side-channel security. The converter is able to provide multiple outputs ranging from 0.3V to 0.92V using a global 1V input. By using modularized circuit blocks, the converter can be extended to provide higher power or more outputs with minimal design complexity. Performance metrics including power efficiency and load transient response can be well maintained as well. Implemented in 32nm technology, single output efficiency can reach to 88% for the post layout models. By enabling delay blocks and circuits sharing, the Pearson correlation coefficient of input and output can be reduced to 0.1 under rekeying test. The reference voltage tracking speed is up to 31.95 V/μs and peak load step response is 53 mA/ns. Without capacitors, the converter consumes 2.85 mm² for high power version and only 1.4 mm² for the low power case.
An Automated SMT-based Security Framework for Supporting Migrations in Cloud Composite Services. NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium. :1–9.
2022. The growing maturity of orchestration languages is contributing to the elaboration of cloud composite services, whose resources may be deployed over different distributed infrastructures. These composite services are subject to changes over time, that are typically required to support cloud properties, such as scalability and rapid elasticity. In particular, the migration of their elementary resources may be triggered by performance constraints. However, changes induced by this migration may introduce vulnerabilities that may compromise the resources, or even the whole cloud service. In that context, we propose an automated SMT-based security framework for supporting the migration of resources in cloud composite services, and preventing the occurrence of new configuration vulnerabilities. We formalize the underlying security automation based on SMT solving, in order to assess the migrated resources and select adequate counter-measures, considering both endogenous and exogenous security mechanisms. We then evaluate its benefits and limits through large series of experiments based on a proof-of-concept prototype implemented over the CVC4 commonly-used open-source solver. These experiments show a minimal overhead with regular operating systems deployed in cloud environments.
ScalaCert: Scalability-Oriented PKI with Redactable Consortium Blockchain Enabled "On-Cert" Certificate Revocation. 2022 IEEE 42nd International Conference on Distributed Computing Systems (ICDCS). :1236–1246.
2022. As the voucher for identity, digital certificates and the public key infrastructure (PKI) system have always played a vital role to provide the authentication services. In recent years, with the increase in attacks on traditional centralized PKIs and the extensive deployment of blockchains, researchers have tried to establish blockchain-based secure decentralized PKIs and have made significant progress. Although blockchain enhances security, it brings new problems in scalability due to the inherent limitations of blockchain’s data structure and consensus mechanism, which become much severe for the massive access in the era of 5G and B5G. In this paper, we propose ScalaCert to mitigate the scalability problems of blockchain-based PKIs by utilizing redactable blockchain for "on-cert" revocation. Specifically, we utilize the redactable blockchain to record revocation information directly on the original certificate ("on-cert") and remove additional data structures such as CRL, significantly reducing storage overhead. Moreover, the combination of redactable and consortium blockchains brings a new kind of attack called deception of versions (DoV) attack. To defend against it, we design a random-block-node-check (RBNC) based freshness check mechanism. Security and performance analyses show that ScalaCert has sufficient security and effectively solves the scalability problem of the blockchain-based PKI system.
Automated IoT security testing with SecLab. NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium. :1–6.
2022. With the growing number of IoT applications and devices, IoT security breaches are a dangerous reality. Cost pressure and complexity of security tests for embedded systems and networked infrastructure are often the excuse for skipping them completely. In our paper we introduce SecLab security test lab to overcome that problem. Based on a flexible and lightweight architecture, SecLab allows developers and IoT security specialists to harden their systems with a low entry hurdle. The open architecture supports the reuse of existing external security test libraries and scalability for the assessment of complex IoT Systems. A reference implementation of security tests in a realistic IoT application scenario proves the approach.
Research on Computer Network Security Framework Based on Concurrent Data Detection and Security Modelling. 2022 International Conference on Sustainable Computing and Data Communication Systems (ICSCDS). :1144–1147.
2022. A formal modeling language MCD for concurrent systems is proposed, and its syntax, semantics and formal definitions are given. MCD uses modules as basic components, and that the detection rules are not perfect, resulting in packets that do not belong to intrusion attacks being misjudged as attacks, respectively. Then the data detection algorithm based on MCD concurrency model protects hidden computer viruses and security threats, and the efficiency is increased by 7.5%. Finally, the computer network security protection system is researched based on security modeling.
ZGridBC: Zero-Knowledge Proof Based Scalable and Private Blockchain Platform for Smart Grid. 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). :1–3.
2021. The total number of photovoltaic power producing facilities whose FIT-based ten-year contract expires by 2023 is expected to reach approximately 1.65 million in Japan. If the number of renewable electricity-producing/consuming facilities reached two million, an enormous number of transactions would be invoked beyond blockchain's scalability. We propose mutually cooperative two novel methods to simultaneously solve scalability, data size, and privacy problems in blockchain-based trading platforms for renewable energy environmental value. One is a management scheme of electricity production resources (EPRs) using an extended UTXO token. The other is a data aggregation scheme that aggregates a significant number of smart meter records with evidentiality using zero-knowledge proof (ZKP).
Development of the Algorithm to Ensure the Protection of Confidential Data in Cloud Medical Information System. 2021 14th International Conference on Security of Information and Networks (SIN). 1:1–4.
2021. The main purpose to ensure the security for confidential medical data is to develop and implement the architecture of a medical cloud system, for storage, systematization, and processing of survey results (for example EEG) jointly with an algorithm for ensuring the protection of confidential data based on a fully homomorphic cryptosystem. The most optimal algorithm based on the test results (analysis of the time of encryption, decryption, addition, multiplication, the ratio of the signal-to-noise of the ciphertext to the open text), has been selected between two potential applicants for using (BFV and CKKS schemes). As a result, the CKKS scheme demonstrates maximal effectiveness in the context of the criticality of the requirements for an important level of security.
5G Core Security in Edge Networks: A Vulnerability Assessment Approach. 2021 IEEE Symposium on Computers and Communications (ISCC). :1–6.
2021. The 5G technology will play a crucial role in global economic growth through numerous industrial developments. However, it is essential to ensure the security of these developed systems, while 5G brings unique security challenges. This paper contributes explicitly to the need for an effective Vulnerability Assessment Approach (VAA) to identify and assess the vulnerabilities in 5G networks in an accurate, scalable, and dynamic way. The proposed approach develops an optimized mechanism based on the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) to analyze the vulnerabilities in 5G Edge networks from the attacker perspective while considering the dynamic and scalable Edge properties. Furthermore, we introduce a cloud-based 5G Edge security testbed to test and evaluate the accuracy, scalability, and performance of the proposed VAA.
An Improved Byzantine Consensus Based Multi-Signature Algorithm. 2021 4th International Conference on Advanced Electronic Materials, Computers and Software Engineering (AEMCSE). :777–780.
2021. Traditional grid-centric data storage methods are vulnerable to network attacks or failures due to downtime, causing problems such as data loss or tampering. The security of data storage can be effectively improved by establishing an alliance chain. However, the existing consortium chain consensus algorithm has low scalability, and the consensus time will explode as the number of nodes increases. This paper proposes an improved consensus algorithm (MSBFT) based on multi-signature to address this problem, which spreads data by establishing a system communication tree, reducing communication and network transmission costs, and improving system scalability. By generating Schnorr multi-signature as the shared signature of system nodes, the computational cost of verification between nodes is reduced. At the end of the article, simulations prove the superiority of the proposed method.
Application Security System Design of Internet of Things Based on Blockchain Technology. 2021 International Conference on Computer, Internet of Things and Control Engineering (CITCE). :134–137.
2021. In view of the current status of Internet of Things applications and related security problems, the architecture system of Internet of Things applications based on block chain is introduced. First, it introduces the concepts related to blockchain technology, introduces the architecture system of IoT application based on blockchain, and discusses its overall architecture design, key technologies and functional structure design. The product embodies the whole process of the Internet of Things platform on the basis of blockchain, which builds an infrastructure based on the Internet of Things and solves the increasingly serious security problems in the Internet of Things through the technical characteristics of decentralization.
Data Obfuscation Technique in Cloud Security. 2021 2nd International Conference on Smart Electronics and Communication (ICOSEC). :358–362.
2021. Cloud storage, in general, is a collection of Computer Technology resources provided to consumers over the internet on a leased basis. Cloud storage has several advantages, including simplicity, reliability, scalability, convergence, and cost savings. One of the most significant impediments to cloud computing's growth is security. This paper proposes a security approach based on cloud security. Cloud security now plays a critical part in everyone's life. Due to security concerns, data is shared between cloud service providers and other users. In order to protect the data from unwanted access, the Security Service Algorithm (SSA), which is called as MONcrypt is used to secure the information. This methodology is established on the obfuscation of data techniques. The MONcrypt SSA is a Security as a Service (SaaS) product. When compared to current obfuscation strategies, the proposed methodology offers a better efficiency and smart protection. In contrast to the current method, MONcrypt eliminates the different dimensions of information that are uploaded to cloud storage. The proposed approach not only preserves the data's secrecy but also decreases the size of the plaintext. The existing method does not reduce the size of data until it has been obfuscated. The findings show that the recommended MONcrypt offers optimal protection for the data stored in the cloud within the shortest amount of time. The proposed protocol ensures the confidentiality of the information while reducing the plaintext size. Current techniques should not reduce the size of evidence once it has been muddled. Based on the findings, it is clear that the proposed MONcrypt provides the highest level of protection in the shortest amount of time for rethought data.
Solving IoT Security and Scalability Challenges with Blockchain. 2021 5th International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT). :52–56.
2021. Internet of Things (IoT) is one relatively new technology, which aims to make our lives easier by automating our daily processes. This article would aim to deliver an idea how to prevent the IoT technology, delivering maliciously and bad things and how to scale. The intention of this research is to explain how a specific implementation of a Blockchain network, enterprise-grade permissioned distributed ledger framework called Hyperledger Fabric, can be used to resolve the security and scalability issues in an IoT network.
Research on Computer Network Security Protection System Based on Level Protection in Cloud Computing Environment. 2021 IEEE International Conference on Advances in Electrical Engineering and Computer Applications (AEECA). :428–431.
2021. With the development of cloud computing technology, cloud services have been used by more and more traditional applications and products because of their unique advantages such as virtualization, high scalability and universality. In the cloud computing environment, computer networks often encounter security problems such as external attacks, hidden dangers in the network and hidden dangers in information sharing. The network security level protection system is the basic system of national network security work, which is the fundamental guarantee for promoting the healthy development of informatization and safeguarding national security, social order and public interests. This paper studies cloud computing security from the perspective of level protection, combining with the characteristics of cloud computing security. This scheme is not only an extension of information system level protection, but also a study of cloud computing security, aiming at cloud computing security control from the perspective of level protection.
Probability Distribution Model to Analyze the Trade-off between Scalability and Security of Sharding-Based Blockchain Networks. 2021 IEEE 18th Annual Consumer Communications Networking Conference (CCNC). :1–6.
2021. Sharding is considered to be the most promising solution to overcome and to improve the scalability limitations of blockchain networks. By doing this, the transaction throughput increases, at the same time compromises the security of blockchain networks. In this paper, a probability distribution model is proposed to analyze this trade-off between scalability and security of sharding-based blockchain networks. For this purpose hypergeometric distribution and Chebyshev's Inequality are mainly used. The upper bounds of hypergeometric distributed transaction processing and failure probabilities for shards are mainly evaluated. The model validation is accomplished with Class A (Omniledger, Elastico, Harmony, and Zilliqa), and Class B (RapidChain) sharding protocols. This validation shows that Class B protocols have a better performance compared to Class A protocols. The proposed model observes the transaction processing and failure probabilities are increased when shard size is reduced or the number of shards increased in sharding-based blockchain networks. This trade-off between the scalability and the security decides on the shard size of the blockchain network based on the real-world application and the blockchain platform. This explains the scalability trilemma in blockchain networks claiming that decentralization, scalability, and security cannot be met at primary grounds. In conclusion, this paper presents a comprehensive analysis providing essential directions to develop sharding protocols in the future to enhance the performance and the best-cost benefit of sharding-based blockchains by improving the scalability and the security at the same time.
A Security Scoring Framework to Quantify Security in Cyber-Physical Systems. 2021 4th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS). :199–206.
2021. The need to achieve a suitable level of security in Cyber-Physical Systems (CPS) presents a major challenge for engineers. The unpredictable communication of highly constrained, but safety-relevant systems in a heterogeneous environment, significantly impacts the number and severity of vulnerabilities. Consequently, if security-related weaknesses can successfully be exploited by attackers, the functionality of critical infrastructure could be denied or malfunction. This might consequently threaten life or leak sensitive information. A toolkit to quantitatively express security is essential for security engineers in order to define security-enhancing measurements. For this purpose, security scoring frameworks, like the established Common Vulnerability Scoring System can be used. However, existing security scoring frameworks may not be able to handle the proposed challenges and characteristics of CPS. Therefore, in this work, we aim to elaborate a security scoring system that is tailored to the needs of CPS. In detail, we analyze security on a System-of-Systems level, while considering multiple attacks, as well as potential side effects to other security-related objects. The positive effects of integrated mitigation concepts should also be abbreviated by our proposed security score. Additionally, we generate the security score for interacting AUTOSAR platforms in a highly-connected Vehicle-to-everything (V2x) environment. We refer to this highly relevant use case scenario to underline the benefits of our proposed scoring framework and to prove its effectiveness in CPS.
Artificial Immune Technology Architecture for Electric Power Equipment Embedded System. 2021 IEEE International Conference on Electrical Engineering and Mechatronics Technology (ICEEMT). :485–490.
2021. This paper proposes an artificial immune information security protection technology architecture for embedded system of Electric power equipment. By simulating the three functions of human immunity, namely "immune homeostasis", "immune surveillance" and "immune defense", the power equipment is endowed with the ability of human like active immune security protection. Among them, "immune homeostasis" is constructed by trusted computing technology components to establish a trusted embedded system running environment. Through fault-tolerant component construction, "immune surveillance" and "immune defense" realize illegal data defense, business logic legitimacy check and equipment status evaluation, realize real-time perception and evaluation of power equipment's own security status, as well as fault emergency handling and event backtracking record, so that power equipment can realize self recovery from abnormal status. The proposed technology architecture is systematic, scientific and rich in scalability, which can significantly improve the information security protection ability of electric power equipment.
Security Analysis of Smart Home Systems Applying Attack Graph. 2021 Fifth World Conference on Smart Trends in Systems Security and Sustainability (WorldS4). :230–234.
2021. In this work, security analysis of a Smart Home System (SHS) is inspected. The paper focuses on describing common and likely cyber security threats against SHS. This includes both their influence on human privacy and safety. The SHS is properly presented and formed applying Architecture Analysis and Design Language (AADL), exhibiting the system layout, weaknesses, attack practices, besides their requirements and post settings. The obtained model is later inspected along with a security requirement with JKind model tester software for security endangerment. The overall attack graph causing system compromise is graphically given using Graphviz.
PolyShard: Coded Sharding Achieves Linearly Scaling Efficiency and Security Simultaneously. 2020 IEEE International Symposium on Information Theory (ISIT). :203–208.
2020. Today's blockchain designs suffer from a trilemma claiming that no blockchain system can simultaneously achieve decentralization, security, and performance scalability. For current blockchain systems, as more nodes join the network, the efficiency of the system (computation, communication, and storage) stays constant at best. A leading idea for enabling blockchains to scale efficiency is the notion of sharding: different subsets of nodes handle different portions of the blockchain, thereby reducing the load for each individual node. However, existing sharding proposals achieve efficiency scaling by compromising on trust - corrupting the nodes in a given shard will lead to the permanent loss of the corresponding portion of data. In this paper, we settle the trilemma by demonstrating a new protocol for coded storage and computation in blockchains. In particular, we propose PolyShard: "polynomially coded sharding" scheme that achieves information-theoretic upper bounds on the efficiency of the storage, system throughput, as well as on trust, thus enabling a truly scalable system.