Biblio

This study offers an alternative to current implementations of key exchange by utilizing NFC technologies within android mobile devices. Supporting key exchange protocols along with cryptographic algorithms are offered, which meet current security standards whilst maintaining a short key length for optimal transfer between devices. Peer-to-peer and Host Card Emulation operational modes are observed to determine the best suited approach for key exchange. The proposed model offers end to end encryption between Client-Client as opposed to the usual Client-Server encryption offered by most Instant Messaging applications.

Distributed denial of service attacks are still one of the greatest threats for computer systems and networks. We propose an intelligent moving target solution against DDOS flooding attacks. Our solution will use a fast-flux approach combined with moving target techniques to increase attack cost and complexity by bringing dynamics and randomization in network address space. It continually increases attack costs and makes it harder and almost infeasible for botnets to launch an attack. Along with performing selective proxy server replication and shuffling clients among this proxy, our solution can successfully separate and isolate attackers from benign clients and mitigate large-scale and complex flooding attacks. Our approach effectively stops both network and application-layer attacks at a minimum cost. However, while we try to make prevalent attack launches difficult and expensive for Bot Masters, this approach is good enough to combat zero-day attacks, too. Using DNS capabilities to change IP addresses frequently along with the proxy servers included in the proposed architecture, it is possible to hide the original server address from the attacker and invalidate the data attackers gathered during the reconnaissance phase of attack and make them repeat this step over and over. Our simulations demonstrate that we can mitigate large-scale attacks with minimum possible cost and overhead.

Advanced Persistent Threat (APT) is a professional stealthy threat actor who uses continuous and sophisticated attack techniques which have not been well mitigated by existing defense strategies. This paper proposes an APT-style cyber-attack tested for distributed energy resources (DER) in cyber-physical environments. The proposed security testbed consists of: 1) a real-time DER simulator; 2) a real-time cyber system using real network systems and a server; and 3) penetration testing tools generating APT-style attacks as cyber events. Moreover, this paper provides a cyber kill chain model for a DER system based on a latest MITRE’s cyber kill chain model to model possible attack stages. Several real cyber-attacks are created and their impacts in a DER system are provided to validate the feasibility of the proposed security testbed for DER systems.

Nowadays, the Internet of Things (IoT) is playing an important role in our life. This inevitably generates mass data and requires a more secure transmission. As blockchain technology can build trust in a distributed environment and ensure the data traceability and tamper resistance, it is a promising way to support IoT data transmission and sharing. In this paper, edge computing is considered to provide adequate resources for end users to offload computing tasks in the blockchain enabled IoT system, and the node pairing problem between end users and edge computing servers is researched with the consideration of wireless channel quality and the service quality. From the perspective of the end users, the objective optimization is designed to maximize the profits and minimize the payments for completing the tasks and ensuring the resource limits of the edge servers at the same time. The deep reinforcement learning (DRL) method is utilized to train an intelligent strategy, and the policy gradient based node pairing (PG-NP) algorithm is proposed. Through a deep neural network, the well-trained policy matched the system states to the optimal actions. The REINFORCE algorithm with baseline is applied to train the policy network. According to the training results, as the comparison strategies are max-credit, max-SINR, random and max-resource, the PG-NP algorithm performs about 57% better than the second-best method. And testing results show that PGNP also has a good generalization ability which is negatively correlated with the training performance to a certain extend.

Computer Networks fights with a continues issues with attackers and intruders. Attacks on distributed systems becoming more powerful and more frequent day by day. Intrusion detection methods are performing main role to detect intruders and attackers. To identify intrusion on computer or computer networks an intrusion detection system methods are used. Network Intrusion Detection System (NIDS) performs an prime role by presenting the network security. It gives a defense layer by monitoring the traffic on network for predefined distrustful activity or pattern. In this paper we have analyze and compare existing signature based and anomaly based algorithm with Openstack private cloud.

Domain Generation Algorithms (DGAs) are used by adversaries to establish Command and Control (C&C) server communications during cyber attacks. Blacklists of known/identified C&C domains are used as one of the defense mechanisms. However, static blacklists generated by signature-based approaches can neither keep up nor detect never-seen-before malicious domain names. To address this weakness, we applied a DGA-based malicious domain classifier using the Long Short-Term Memory (LSTM) method with a novel feature engineering technique. Our model's performance shows a greater accuracy compared to a previously reported model. Additionally, we propose a new adversarial machine learning-based method to generate never-before-seen malware-related domain families. We augment the training dataset with new samples to make the training of the models more effective in detecting never-before-seen malicious domain names. To protect blacklists of malicious domain names against adversarial access and modifications, we devise secure data containers to store and transfer blacklists.

Fast Growth of (ICT) Information and Communication Technology results to Innovation of Cloud Computing and is considered as a key driver for technological innovations, as an IT innovations, cloud computing had added a new dimension to that importance by increasing usage to technology that motivates economic development at the national and global levels. Continues need of higher storage space (applications, files, videos, music and others) are some of the reasons for adoption and implementation, Users and Enterprises are gradually changing the way and manner in which Data and Information are been stored. Storing/Retrieving Data and Information traditionally using Standalone Computers are no longer sustainable due to high cost of Peripheral Devices, This further recommends organizational innovative adoption with regards to approaches on how to effectively reduced cost in businesses. Cloud Computing provides a lot of prospects to users/organizations; it also exposes security concerns which leads to low adoption, implementation and usage. Therefore, the study will examine standard ways of improving cloud computing adoption, implementation and usage by proposing and developing a security model using a design methodology that will ensure a secured Cloud Computing and also identify areas where future regularization could be operational.

Smart cities and societies are driving unprecedented technological and socioeconomic growth in everyday life albeit making us increasingly vulnerable to infinitely and incomprehensibly diverse threats. Short Message Service (SMS) spam is one such threat that can affect mobile security by propagating malware on mobile devices. A security breach could also cause a mobile device to send spam messages. Many works have focused on classifying incoming SMS messages. This paper proposes a tool to detect spam from outgoing SMS messages, although the work can be applied to both incoming and outgoing SMS messages. Specifically, we develop a system that comprises multiple machine learning (ML) based classifiers built by us using three classification methods – Naïve Bayes (NB), Support Vector Machine (SVM), and Naïve Bayes Multinomial (NBM)- and five preprocessing and feature extraction methods. The system is built to allow its execution in cloud, fog or edge layers, and is evaluated using 15 datasets built by 4 widely-used public SMS datasets. The system detects spam SMSs and gives recommendations on the spam filters and classifiers to be used based on user preferences including classification accuracy, True Negatives (TN), and computational resource requirements.

Unauthorized access or intrusion is a massive threatening issue in the modern era. This study focuses on designing a model for an ideal intrusion detection system capable of defending a network by alerting the admins upon detecting any sorts of malicious activities. The study proposes a two layered anomaly-based detection model that uses filter co-relation method for dimensionality reduction along with Random forest and Support Vector Machine as its classifiers. It achieved a very good detection rate against all sorts of attacks including a low rate of false alarms as well. The contribution of this study is that it could be of a major help to the computer scientists designing good intrusion detection systems to keep an industry or organization safe from the cyber threats as it has achieved the desired qualities of a functional IDS model.

Domain name system (DNS) resolves the IP addresses of domain names and is critical for IP networking. Recent denial-of-service (DoS) attacks on Internet targeted the DNS system (e.g., Dyn), which has the cascading effect of denying the availability of the services and applications relying on the targeted DNS. In view of these attacks, we investigate the DoS on DNS system and introduce the query-crafting threats where the attacker controls the DNS query payload (the domain name) to maximize the threat impact per query (increasing the communications between the DNS servers and the threat time duration), which is orthogonal to other DoS approaches to increase the attack impact such as flooding and DNS amplification. We model the DNS system using a state diagram and comprehensively analyze the threat space, identifying the threat vectors which include not only the random/invalid domains but also those using the domain name structure to combine valid strings and random strings. Query-crafting DoS threats generate new domain-name payloads for each query and force increased complexity in the DNS query resolution. We test the query-crafting DoS threats by taking empirical measurements on the Internet and show that they amplify the DoS impact on the DNS system (recursive resolver) by involving more communications and taking greater time duration. To defend against such DoS or DDoS threats, we identify the relevant detection features specific to query-crafting threats and evaluate the defense using our prototype in CloudLab.

Trusted Platform Modules (TPMs) are specialized chips that store RSA keys specific to the host system for hardware authentication. The RSA keys refer to an encryption technology developed by RSA Data Security. The RSA algorithm accounts for the fact that there is no efficient way to factor extremely large numbers. Each TPM chip contains an RSA Key pair known as the Endorsement Key that cannot be accessed by software. The TPM contains an additional key, called the Attestation Identity Key that protects the device itself against unauthorized firmware and software modification by implementing hash functions on critical sections of the software and firmware before execution. As a result, the TPM can be used as a chip for handling encryption for a larger system to offer an additional layer of security. Furthermore, the TPM can also be used for managing encryption keys, as a Storage Root Key is created when a user or administrator takes ownership of the system. However, merging the TPM into a system does come with additional costs along with potential benefits. This paper focuses on integrating a TPM into a system implemented on an ARM processor that engages with power electronics, and then presents the security benefits associated with a TPM.

Information level protection standard 2.0 requires trusted verification of system bootstrappers, system programs, etc. of server equipment based on trusted root. According to the requirements of information level protection standard, this paper puts forward a network trusted start-up scheme based on the trusted platform control module to guarantee the security and trust of the server's BIOS firmware, PXE boot file and Linux system file. When publishing BIOS firmware, PXE startup file, Linux system file, the state-secret algorithm SM3 is used to calculate the summary value as the benchmark value, and stored in the trusted platform control module, BIOS firmware, Linux boot file. When the server starts up with PXE, the BIOS firmware is measured by the Trusted Platform Control Module, the BIOS Start Environment Measures PXE Boot File, and the PXE Boot File measures the Linux system file. The trusted platform control module is the trust root level measurement level, the first level of trust level, the trust chain, the implementation of a trusted server operating environment. The method proposed in this paper is tested on the domestic autonomous controllable Sunway server, and the experimental results show that the method proposed in this paper is feasible.

A distributed denial of service attack is a major security challenge in modern communications networks. In this article, we propose models that capture all the key performance indicators of synchronized denial of service protection mechanisms. As a result of the conducted researches, it is found out that thanks to the method of delay detection it is possible to recognize semi-open connections that are caused by synchronous flood and other attacks at an early stage. The study provides a mechanism for assessing the feasibility of introducing and changing the security system of a wireless sensor network. The proposed methodology will allow you to compare the mechanisms of combating denial of service for synchronized failures and choose the optimal protection settings in real-time.

The paper addresses the issue of providing information security to wireless sensor networks using Security Information and Event Management (SIEM) methodology along with multi-agent approach. The concept of wireless sensor networks and providing their information security, including construction of SIEM system architecture, SIEM analysis methodologies and its main features, are considered. The proposed approach is to integrate SIEM system methodology with a multi-agent architecture which includes data collecting agents, coordinating agent (supervisor) and local Intrusion Detection Systems (IDSs) based on artificial immune system mechanisms. Each IDS is used as an agent that performs a primary analysis and sends information about suspicious activity to the server. The server performs correlation analysis, identifies the most significant incidents, and helps to prioritize the incident response. The presented results of computational experiments confirm the effectiveness of the proposed approach.

Federated learning (FL) is a machine learning model that preserves data privacy in the training process. Specifically, FL brings the model directly to the user equipments (UEs) for local training, where an edge server periodically collects the trained parameters to produce an improved model and sends it back to the UEs. However, since communication usually occurs through a limited spectrum, only a portion of the UEs can update their parameters upon each global aggregation. As such, new scheduling algorithms have to be engineered to facilitate the full implementation of FL. In this paper, based on a metric termed the age of update (AoU), we propose a scheduling policy by jointly accounting for the staleness of the received parameters and the instantaneous channel qualities to improve the running efficiency of FL. The proposed algorithm has low complexity and its effectiveness is demonstrated by Monte Carlo simulations.

This paper analyzes the vulnerability in the process of key negotiation between the main mode and aggressive mode of IKEv1 protocol in IPSec VPN, and proposes a DOS attack method based on OSPF protocol adjacent route spoofing. The experiment verifies the insecurity of IPSec VPN using IKEv1 protocol. This attack method has the advantages of lower cost and easier operation compared with using botnet.

The extensive use of the internet and web-based applications spot the multiserver authentication as a significant component. The users can get their services after authenticating with the service provider by using similar registration records. Various protocol schemes are developed for multiserver authentication, but the existing schemes are not secure and often lead towards various vulnerabilities and different security issues. Recently, Zhao et al. put forward a proposal for smart card and user's password-based authentication protocol for the multiserver environment and showed that their proposed protocol is efficient and secure against various security attacks. This paper points out that Zhao et al.'s authentication scheme is susceptive to traceability as well as anonymity attacks. Thus, it is not feasible for the multiserver environment. Furthermore, in their scheme, it is observed that a user while authenticating does not send any information with any mention of specific server identity. Therefore, this paper proposes an enhanced, efficient and secure user authentication scheme for use in any multiserver environment. The formal security analysis and verification of the protocol is performed using state-of-the-art tool “ProVerif” yielding that the proposed scheme provides higher levels of security.

Owing to the advancements in communication media and devices all over the globe, there has arisen a dire need for to limit the alarming number of attacks targeting these and to enhance their security. Multiple techniques have been incorporated in different researches and various protocols and schemes have been put forward to cater security issues of session initiation protocol (SIP). In 2008, Qiu et al. presented a proposal for SIP authentication which while effective than many existing schemes, was still found vulnerable to many security attacks. To overcome those issues, Zhang et al. proposed an authentication protocol. This paper presents the analysis of Zhang et al. authentication scheme and concludes that their proposed scheme is susceptible to user traceablity. It also presents an improved SIP authentication scheme that eliminates the possibility of traceability of user's activities. The proposed scheme is also verified by contemporary verification tool, ProVerif and it is found to be more secure, efficient and practical than many similar SIP authetication scheme.

ARP-attack often occurs in LAN network [1], which directly affects the user's online experience. The common type of ARP-attack is MITM-Attack (Man-in-the-Middle Attack) with two-types, disguising a host or a gateway. Common means of ARP-attack prevention is by deploying network-security equipment or binding IP-MAC in LAN manually[10]. This paper studies an automatic ARP-attack prevention technology for multi-object, based on the domain-control technology and batch-processing technology. Compared with the common ARP-attack-prevention measure, this study has advantages of low-cost, wide-application, and maintenance-free. By experimentally researching, this paper demonstrates the research correctness and technical feasibility. This research result, multi-object-oriented automatic defense technology for ARP-attacking, can apply to enterprise network.

Cyber-Physical Systems (CPS) such as intelligent connected vehicles, smart farming and smart logistics are constantly generating tons of data and requiring real-time data processing capabilities. Therefore, Edge Computing which provisions computing resources close to the End Devices from the network edge is becoming the ideal platform for CPS. However, it also brings many issues and one of the most prominent challenges is how to ensure the development of trustworthy smart services given the dynamic and distributed nature of Edge Computing. To tackle this challenge, this paper proposes a novel Federated Learning based Edge Computing platform for CPS, named “FengHuoLun”. Specifically, based on FengHuoLun, we can: 1) implement smart services where machine learning models are trained in a trusted Federated Learning framework; 2) assure the trustworthiness of smart services where CPS behaviours are tested and monitored using the Federated Learning framework. As a work in progress, we have presented an overview of the FengHuoLun platform and also some preliminary studies on its key components, and finally discussed some important future research directions.

The privacy protection and information security are two crucial issues for future advanced artificial intelligence devices, especially for cooperative system with rich core data exchange which may offer opportunities for attackers to fake interaction messages. To combat such threat, great efforts have been made by introducing trust mechanism in initiative or passive way. Furthermore, blockchain and distributed ledger technology provide a decentralized and peer-to-peer network, which has great potential application for multi-agent system, such as IoTs and robots. It eliminates third-party interference and data in the blockchain are stored in an encrypted way permanently and anti-destroys. In this paper, a methodology of blockchain is proposed and designed for advanced cooperative system with artificial intelligence to protect privacy and sensitive data exchange between multi-agents. The validation procedure is performed in laboratory by a three-level computing networks of Raspberry Pi 3B+, NVIDIA Jetson Tx2 and local computing server for a robot system with four manipulators and four binocular cameras in peer computing nodes by Go language.

Today, authentication and non-repudiation of actions are essential requirements for almost all mobile services. In this respect, various common identity systems (such as Facebook Login, Google Sign-In, Apple ID and many other) based on OpenID Connect protocol have been introduced that support easier password management for users, and reduce potential risks by securing the service provider and the user. With the widespread use of the Internet, smartphones can offer many services with rich content. The use of common identity systems on mobile devices with a high security level is becoming a more important requirement. At this point, MNOs (Mobile Network Operators) have a significant potential and capability for providing common identity services. The existing solutions based on Mobile Connect standard provide generally low level of assurance. Accordingly, there is an urgent need for a common identity system that provide higher level of assurance and security for service providers. This study presents a multi-factor authentication mechanism called TrustedID system that is based on Mobile Connect and OpenID Connect standards, and ensures higher level of assurance. The proposed system aims to use three identity factors of the user in order to access sensitive mobile services on the smartphone. The proposed authentication system will support improvement of new value-added services and also support the development of mobile ecosystem.

Cyber security is becoming a vital part of many information technologies and computing systems. Increasingly, High-Performance Computing systems are used in scientific research, academia and industry. High-Performance Computing applications are specifically designed to take advantage of the parallel nature of High-Performance Computing systems. Current research into High-Performance Computing systems focuses on the improvements in software development, parallel algorithms and computer systems architecture. However, there are no significant efforts in developing common High-Performance Computing security standards. Security of the High-Performance Computing resources is often an add-on to existing varied institutional policies that do not take into account additional requirements for High-Performance Computing security. Also, the users' terminals or portals used to access the High-Performance Computing resources are frequently insecure or they are being used in unprotected networks. In this paper we present Bearicade - a Data-driven Security Orchestration Automation and Response system. Bearicade collects data from the HPC systems and its users, enabling the use of Machine Learning based solutions to address current security issues in the High-Performance Computing systems. The system security is achieved through monitoring, analysis and interpretation of data such as users' activity, server requests, devices used and geographic locations. Any anomaly in users' behaviour is detected using machine learning algorithms, and would be visible to system administrators to help mediate the threats. The system was tested on a university campus grid system by administrators and users. Two case studies, Anomaly detection of user behaviour and Classification of Malicious Linux Terminal Command, have demonstrated machine learning approaches in identifying potential security threats. Bearicade's data was used in the experiments. The results demonstrated that detailed information is provided to the HPC administrators to detect possible security attacks and to act promptly.

Radio frequency identification system (RFID) is a wireless technology based on radio waves. These radio waves transmit data from the tag to a reader, which then transmits the information to a server. RFID tags have several advantages, they can be used in merchandise, to track vehicles, and even patients. Connecting RFID tags to internet terminal or server it called Internet of Things (IoT). Many people have shown interest in connected objects or the Internet of Things (IoT). The IoT is composed of many complementary elements each having their own specificities. The RFID is often seen as a prerequisite for the IoT. The main challenge of RFID is the security issues. Connecting RFID with IoT poses security threats and challenges which are needed to be discussed properly before deployment. In this paper, we proposed a new distributed encryption algorithm to be used in the IoT structure in order to reduce the security risks that are confronted in RFID technology.

The Extended Triple Diffie-Hellman (X3DH) protocol has been used for years as the basis of secure communication establishment among parties (i.e, humans and devices) over the Internet. However, such a protocol has several limits. It is typically based on a single trust third-party server that represents a single point of failure (SPoF) being consequently exposed to well- known Distributed Denial of Service (DDOS) attacks. In order to address such a limit, several solutions have been proposed so far that are often cost expensive and difficult to be maintained. The objective of this paper is to propose a BlockChain-Based X3DH (BCB-X3DH) protocol that allows eliminating such a SPoF, also simplifying its maintenance. Specifically, it combines the well- known X3DH security mechanisms with the intrinsic features of data non-repudiation and immutability that are typical of Smart Contracts. Furthermore, different implementation approaches are discussed to suits both human-to-human and device-to-device scenarios. Experiments compared the performance of both X3DH and BCB-X3DH.