Biblio

The paper is devoted to the comparison of performance of prospective lightweight block cipher Cypress with performances of the known modern lightweight block ciphers such as AES, SPECK, SPARX etc. The measurement was done on different platforms: Windows, Linux and Android. On all platforms selected, the block cipher Cypress showed the best results. The block cipher Cypress-256 showed the highest performance on Windows x32 (almost 3.5 Gbps), 64-bit Linux (over 8 Gbps) and Android (1.3 Gbps). On Windows x64 the best result was obtained by Cypress- 512 (almost 5 Gbps).

In recent years, image steganography is being considered as one of the methods to secure the confidentiality of sensitive and private data sent over networks. Conventional image steganography techniques use cover images to hide secret messages. These techniques are susceptible to steganalysis algorithms based on anomaly detection. This paper proposes a new approach to image steganography without using cover images. In addition, it utilizes Deoxyribonucleic Acid (DNA) sequences. DNA sequences are used to generate key and stego-image. Experimental results show that the use of DNA sequences in this technique offer very low cracking probability and the coverless approach contributes to its high embedding capacity.

Nowadays, secure transmission of multimedia files has become more significant concern with the evolution of technologies. Cryptography is the well-known technique to safeguard the files from various destructive hacks. In this work, a colour image encryption scheme is suggested using chaos and Deoxyribo Nucleic Acid (DNA) coding. The encryption scheme is carried out in two stages namely confusion and diffusion. As the first stage, chaos aided inter-planar row and column shuffling are performed to shuffle the image pixels completely. DNA coding and decoding operations then diffuse the resultant confused image with the help of eight DNA XOR rules. This confusion-diffusion process has achieved the entropy value equal to 7.9973 and correlation coefficient nearer to zero with key space of 10140. Various other analyses are also done to ensure the effectiveness of the developed algorithm. The results show that the proposed scheme can withstand different attacks and better than the recent state-of-art methods.

In this paper, an image encryption scheme based on dynamic DNA sequence and two dimension logistic map is proposed. Firstly two different pseudo random sequences are generated using two dimension Sine-Henon alteration map. These sequences are used for altering the positions of each pixel of plain image row wise and column wise respectively. Secondly each pixels of distorted image and values of random sequences are converted into a DNA sequence dynamically using one dimension logistic map. Reversible DNA operations are applied between DNA converted pixel and random values. At last after decoding the results of DNA operations cipher image is obtained. Different theoretical analyses and experimental results proved the effectiveness of this algorithm. Large key space proved that it is possible to protect different types of attacks using our proposed encryption scheme.

The objective of this paper was to propose a 5D combined chaotic system used for image encryption by scrambling and DNA encryption. The initial chaotic values were calculated with a set of equations. The chaotic sequences were used for pixel scrambling, bit scrambling, DNA encryption and DNA complementary function. The average of NPCR, UACI and entropy values of the 6 images used for testing were 99.61, 33.51 and 7.997 respectively. The correlation values obtained for the encrypted image were much lower than the corresponding original image. The histogram of the encrypted image was flat. Based on the theoretical results from the tests performed on the proposed system it can be concluded that the system is suited for practical applications, since it offers high security.

Unauthorized access of the data is one of the major threat for the real world digital data communication. Digital images are one of the most vital subset of the digital data. Several important and sensitive information is conveyed through digital images. Hence, digital image security is one of the foremost interest of the researchers. Cryptographic algorithms Biological sequences are often used to encrypt data due to their inherent features. DNA encryption is one of the widely used method used for data security which is based on the properties of the biological sequences. To protect the images from unwanted accesses, a new two stage method is proposed in this work. DNA Encryption and Polymerase Chain Reaction (PCR) Amplification is used to enhance the security. The proposed method is evaluated using different standard parameters that shows the efficiency of the algorithm.

In today's world, securing data is becoming one of the main issues, the elaboration of the fusion of cryptography and steganography are contemplating as the sphere of on-going research. This can be gain by cryptography, steganography, and fusion of these two, where message firstly encoding using any cryptography techniques and then conceal into any cover medium using steganography techniques. Biological structure of DNA is used as the cover medium due to high storage capacity, simple encoding method, massive parallelism and randomness DNA cryptography can be used in identification card and tickets. Currently work in this field is still in the developmental stage and a lot of investigation is required to reach a fully-fledged stage. This paper provides a review of the existing method of DNA based cryptography

The process of information security entails securing the information by transferring it through the networks preventing the data from attacks. This way of securing the information is known as cryptography. The perspective of converting the plain-text into non-understandable format is known as cryptography that could be possible using certain cryptography algorithms. The security could not be offered by the conventional cryptographic algorithms that lacks in their security for the huge amount of growing data, which could be easily broken by the intruders for their malicious activities. This gives rise to the new cryptographic algorithm known as DNA computing that could strengthen the information security, which does not provide any intruders to get authorized to confidential data. The proposed DNA symmetric cryptography enhances information security. The results reveal that encryption process carried out on plain-text is highly secured.

Today the frequency of technological transformations is very high. In order to cope up with these, there is a demand for fast processing and secured algorithms should be proposed for data exchange. In this paper, Advanced Encryption Standard (AES) is modified using DNA cryptography for fast processing and dynamic S-boxes are introduced to develop an attack resistant algorithm. This is strengthened by combining symmetric and asymmetric algorithms. Diffie-Hellman key exchange is used for AES key generation and also for secret number generation used for creation of dynamic S-boxes. The proposed algorithm is fast in computation and can resist cryptographic attacks like linear and differential cryptanalysis attacks.

Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly complicate the adoption of common hardening techniques. Combined with the irregular and involved nature of embedded patch management, this results in prolonged vulnerability exposure windows and vulnerabilities that are relatively easy to exploit. Considering the sensitive and critical nature of many embedded systems, this situation merits significant improvement. In this work, we present the first quantitative study of exploit mitigation adoption in 42 embedded operating systems, showing the embedded world to significantly lag behind the general-purpose world. To improve the security of deeply embedded systems, we subsequently present μArmor, an approach to address some of the key gaps identified in our quantitative analysis. μArmor raises the bar for exploitation of embedded memory corruption vulnerabilities, while being adoptable on the short term without incurring prohibitive extra performance or storage costs.

In this paper, we study system security against Advanced Persistent Threats (APTs). APTs are stealthy and persistent but APTs interact with system and introduce information flows in the system as data-flow and control-flow commands. Dynamic Information Flow Tracking (DIFT) is a promising detection mechanism against APTs which taints suspicious input sources in the system and performs online security analysis when a tainted information is used in unauthorized manner. Our objective in this paper is to model DIFT that handle data-flow and conditional branches in the program that arise from control-flow commands. We use game theoretic framework and provide the first analytical model of DIFT with data-flow and conditional-branch tracking. Our game model which is an undiscounted infinite-horizon stochastic game captures the interaction between APTs and DIFT and the notion of conditional branching. We prove that the best response of the APT is a maximal reachability probability problem and provide a polynomial-time algorithm to find the best response by solving a linear optimization problem. We formulate the best response of the defense as a linear optimization problem and show that an optimal solution to the linear program returns a deterministic optimal policy for the defense. Since finding Nash equilibrium for infinite-horizon undiscounted stochastic games is computationally difficult, we present a nonlinear programming based polynomial-time algorithm to find an E-Nash equilibrium. Finally, we perform experimental analysis of our algorithm on real-world data for NetRecon attack augmented with conditional branching.

Allocating several Virtual Machines (VMs) onto a single server helps to increase cloud computing resource utilization and to reduce its operating expense. However, multiplexing VMs with different security levels on a single server gives rise to major VM-to-VM cybersecurity interdependency risks. In this paper, we address the problem of the static VM allocation with cybersecurity loss awareness by modeling it as a two-player zero-sum game between an attacker and a provider. We first obtain optimal solutions by employing the mathematical programming approach. We then seek to find the optimal solutions by quickly identifying the equilibrium allocation strategies in our formulated zero-sum game. We mean by "equilibrium" that none of the provider nor the attacker has any incentive to deviate from one's chosen strategy. Specifically, we study the characteristics of the game model, based on which, to develop effective and efficient allocation algorithms. Simulation results show that our proposed cybersecurity-aware consolidation algorithms can significantly outperform the commonly used multi-dimensional bin packing approaches for large-scale cloud data centers.

Resilience and security of infrastructures depend not only on their constituent systems but also on interdependencies among them. This paper studies how these interdependencies in infrastructures affect the defense effort needed to counter external attacks, by formulating a simultaneous game between a service provider (i.e., defender) and an attacker. Effects of interdependencies in three basic topological structures, namely, bus, star and ring, are considered and compared in terms of the game-theoretic defense strategy. Results show that in a star topology, the attacker's and defender's pure strategies at Nash Equilibrium (NE) are sensitive to interdependency levels whereas in a bus structure, the interdependencies show little impact on both defender's and attacker's pure strategies. The sensitivity estimates of defense and attack strategies at NE with respect to target valuation and unit cost are also presented. The results provide insights into infrastructure design and resource allocation for reinforcement of constituent systems.

In Bitcoin's incentive system that supports open mining pools, block withholding attacks incur huge security threats. In this paper, we investigate the mutual attacks among pools as this determines the macroscopic utility of the whole distributed system. Existing studies on pools' interactive attacks usually employ the conventional game theory, where the strategies of the players are considered pure and equal, neglecting the existence of powerful strategies and the corresponding favorable game results. In this study, we take advantage of the Zero-Determinant (ZD) strategy to analyze the block withholding attack between any two pools, where the ZD adopter has the unilateral control on the expected payoffs of its opponent and itself. In this case, we are faced with the following questions: who can adopt the ZD strategy? individually or simultaneously? what can the ZD player achieve? In order to answer these questions, we derive the conditions under which two pools can individually or simultaneously employ the ZD strategy and demonstrate the effectiveness. To the best of our knowledge, we are the first to use the ZD strategy to analyze the block withholding attack among pools.

NEMESIS provides powerful and cost-effective defenses against extreme Distributed Denial of Service (DDos) attacks through a number of network maneuvers. However, selection of which maneuvers to deploy when and with what parameters requires great care to achieve optimal outcomes in the face of overwhelming attack. Analytical wargaming allows game theoretic optimal Courses of Action (COA) to be created real-time during live operations, orders of magnitude faster than packet-level simulation and with equivalent outcomes to even expert human hand-crafted COAs.

5G mobile networks promise universal communication environment and aims at providing higher bandwidth, increased communication and networking capabilities, and extensive signal coverage by using multiple communication technologies including Device-to-Device (D-to-D). This paradigm, will allow scalable and ubiquitous connectivity for large-scale mobile networks where a huge number of heterogeneous devices with limited resources will cooperate to enhance communication efficiency in terms of link reliability, spectral efficiency, system capacity, and transmission range. However, owing to its decentralized nature, cooperative D-to-D communication could be vulnerable to attacks initiated on relay nodes. Consequently, a source node has the interest to select the more protected relay to ensure the security of its traffic. Nevertheless, an improvement in the protection level has a counterpart cost that must be sustained by the device. To address this trade-off as well as the interaction between the attacker and the source device, we propose a dynamic game theoretic based approach to model and analyze this problem as a cost model. The utility function of the proposed non-cooperative game is based on the concepts of return on protection and return on attack which illustrate the gain of selecting a relay for transmitting a data packet by a source node and the reward of the attacker to perform an attack to compromise the transmitted data. Moreover, we discuss and analyze Nash equilibrium convergence of this attack-defense model and we propose an heuristic algorithm that can determine the equilibrium state in a limited number of running stages. Finally, we perform simulation work to show the effectiveness of the game model in assessing the behavior of the source node and the attacker and its ability to reach equilibrium within a finite number of steps.

This paper studies the sensor placement problem in a networked control system for improving its security against cyber-physical attacks. The problem is formulated as a zero-sum game between an attacker and a detector. The attacker's decision is to select f nodes of the network to attack whereas the detector's decision is to place f sensors to detect the presence of the attack signals. In our formulation, the attacker minimizes its visibility, defined as the system L2 gain from the attack signals to the deployed sensors' outputs, and the detector maximizes the visibility of the attack signals. The equilibrium strategy of the game determines the optimal locations of the sensors. The existence of Nash equilibrium for the attacker-detector game is studied when the underlying connectivity graph is a directed or an undirected tree. When the game does not admit a Nash equilibrium, it is shown that the Stackelberg equilibrium of the game, with the detector as the game leader, can be computed efficiently. Our results show that, under the optimal sensor placement strategy, an undirected topology provides a higher security level for a networked control system compared with its corresponding directed topology.

This paper presents a novel game theoretic attack-defence decision making framework for cyber-physical system (CPS) security. Game theory is a powerful tool to analyse the interaction between the attacker and the defender in such scenarios. In the formulation of games, participants are usually assumed to be rational. They will always choose the action to pursuit maximum payoff according to the knowledge of the strategic situation they are in. However, in reality the capacity of rationality is often bounded by the level of intelligence, computational resources and the amount of available information. This paper formulates the concept of bounded rationality into the decision making process, in order to optimise the defender's strategy considering that the defender and the attacker have incomplete information of each other and limited computational capacity. Under the proposed framework, the defender can often benefit from deviating from the minimax Nash Equilibrium strategy, the theoretically expected outcome of rational game playing. Numerical results are presented and discussed in order to demonstrate the proposed technique.

Networked Control Systems (NCS) are widely used in Industry 4.0 to obtain better management and operational capabilities, as well as to reduce costs. However, despite the benefits provided by NCSs, the integration of communication networks with physical plants can also expose these systems to cyber threats. This work proposes a link monitoring strategy to identify linear time-invariant transfer functions performed by a Man-in-the-Middle during controlled data injection attacks in NCSs. The results demonstrate that the proposed identification scheme provides adequate accuracy when estimating the attack function, and does not interfere in the plant behavior when the system is not under attack.

The article focuses on Personal Data Cyber Security Systems. These systems are the critical components for Health Information Management Systems of Public Health enterprises. The purpose of this article is to inform and provide the reader with Personal Data Cyber Security Legislation and Regulation in Public Health Sector and enlighten him with the Information Systems that were designed and implemented for Personal Data Cyber Security in Public Health.

A local area network (LAN) computer security control circuit is designed for the practical problem of LAN computer users "one machine crosses two networks" on this paper, which provides a protection barrier for the information security of LAN computers on the hardware. This paper briefly analyzes the risks and challenges faced by LAN security. The overall design idea, circuit design and working principle of LAN computer security control circuit are described in detail. The characteristics of the system are summarized. Finally, the design circuit is verified by practical application in the unit. The application results show that the circuit is stable in operation, simple in operation, safe and reliable, and convenient in installation and maintain, etc., which has achieved the design effect and played a good role in ensuring the security of the network information of the local area network.

This paper proposes a compensation control scheme against DoS attack for nonlinear cyber-physical systems (CPSs). The dynamical process of the nonlinear CPSs are described by T-S fuzzy model that regulated by the corresponding fuzzy rules. The communication link between the controller and the actuator under consideration may be unreliable, where Denialof-Service (DoS) attack is supposed to invade the communication link randomly. To compensate the negative effect caused by DoS attack, a compensation control scheme is designed to maintain the stability of the closed-loop system. With the aid of the Lyapunov function theory, a sufficient condition is established to ensure the stochastic stability and strict dissipativity of the closed-loop system. Finally, an iterative linearization algorithm is designed to determine the controller gain and the effectiveness of the proposed approach is evaluated through simulations.

In this paper, a dynamic cybersecurity protection method based on software-defined networking (SDN) is proposed, according to the protection requirement analysis for industrial control systems (ICSs). This method can execute security response measures by SDN, such as isolation, redirection etc., based on the real-time intrusion detection results, forming a detecting-responding closed-loop security control. In addition, moving target defense (MTD) concept is introduced to the protection for ICSs, where topology transformation and IP/port hopping are realized by SDN, which can confuse and deceive the attackers and prevent attacks at the beginning, protection ICSs in an active manner. The simulation results verify the feasibility of the proposed method.

In order to enhance the network security protection level of intelligent substation, this paper puts forward a model of intelligent substation network security defense system through the analysis of intelligent substation network security risk and protection demand, and using example proved the feasibility and effectiveness of the defense system. It is intelligent substation network security protection provides a new solution.

Aiming at the operation characteristics of power industry control system, this paper deeply analyses the attack mechanism and characteristics of power industry control system intrusion. On the basis of classifying and sorting out the attack characteristics of power industrial control system, this paper also attaches importance to break the basic theory and consequential technologies of industrial control network space security, and constructs the network intrusion as well as attack model of power industrial control system to realize the precise characterization of attackers' attack behavior, which provides a theoretical model for the analysis and early warning of attack behavior analysis of power industrial control systems.