Biblio

In the past air-gapped systems that are isolated from networks have been considered to be very secure. Yet there have been reports of such systems being breached. These breaches have shown to use unconventional means for communication also known as covert channels such as Acoustic, Electromagnetic, Magnetic, Electric, Optical, and Thermal to transfer data. In this paper, a review of various attack methods that can compromise an air-gapped system is presented along with a summary of how efficient and dangerous a particular method could be. The capabilities of each covert channel are listed to better understand the threat it poses and also some countermeasures to safeguard against such attack methods are mentioned. These attack methods have already been proven to work and awareness of such covert channels for data exfiltration is crucial in various industries.

The popularity and demand of home automation has increased exponentially in recent years because of the ease it provides. Recently, development has been done in this domain and few systems have been proposed that either use voice assistants or application for controlling the electrical appliances. However; less emphasis is laid on power efficiency and this system cannot be integrated with the existing appliances and hence, the entire system needs to be upgraded adding to a lot of additional cost in purchasing new appliances. In this research, the objective is to design such a system that emphasises on power efficiency as well as can be integrated with the already existing appliances. NodeMCU, along with Raspberry Pi, Firebase realtime database, is used to create a system that accomplishes such endeavours and can control relays, which can control these appliances without the need of replacing them. The experiments in this paper demonstrate triggering of electrical appliances using voice assistant, fire alarm on the basis of flame sensor and temperature sensor. Moreover; use of android application was presented for operating electrical appliances from a remote location. Lastly, the system can be modified by adding security cameras, smart blinds, robot vacuums etc.

Nowadays, Microblog has become an important online social networking platform, and a large number of users share information through Microblog. Many malicious users have released various false news driven by various interests, which seriously affects the availability of Microblog platform. Therefore, the evaluation of Microblog user credibility has become an important research issue. This paper proposes a microblog user credibility evaluation algorithm based on trust propagation. In view of the high consumption and low precision caused by malicious users' attacking algorithms and manual selection of seed sets by establishing false social relationships, this paper proposes two optimization strategies: pruning algorithm based on social activity and similarity and based on The seed node selection algorithm of clustering. The pruning algorithm can trim off the attack edges established by malicious users and normal users. The seed node selection algorithm can efficiently select the highly available seed node set, and finally use the user social relationship graph to perform the two-way propagation trust scoring, so that the low trusted user has a lower trusted score and thus identifies the malicious user. The related experiments verify the effectiveness of the trustworthiness-based user credibility evaluation algorithm in the evaluation of Microblog user credibility.

Smart buildings are controlled by multiple cyber-physical systems that provide critical services such as heating, ventilation, lighting and access control. These building systems are becoming increasingly vulnerable to both cyber and physical attacks. We introduce a multi-model methodology for assessing the security of these systems, which utilises INTO-CPS, a suite of modelling, simulation, and analysis tools for designing cyber-physical systems. Using a fan coil unit case study we show how its security can be systematically assessed when subjected to Man-in-the-Middle attacks on the data connections between system components. We suggest our methodology would enable building managers and security engineers to design attack countermeasures and refine their effectiveness.

In signed directed graph (SDG) fault diagnosis model, only single fault can be diagnosed. In order to meet the requirements of multiple faults diagnosis, in this paper, improved signed directed graph (ISDG) fault diagnosis model was proposed. The logic and influence between nodes were included in ISDG model. With ISDG model, complex logic can be shown, multiple faults can be diagnosed and the optimal sequence can be determined. Two algorithms are proposed in this paper. One algorithm can obtain the multiple faults combine logic, and the other algorithm can obtain the optimal path of fault diagnosis. According to these two algorithms, the efficiency was improved and the cost was reduced in the multiple fault diagnosis process. Finally, the faults of an aircraft engine bleed system were diagnosed with the interactive algorithm. The proposed algorithms can obtain a diagnosis result effectively. The results of two cases prove that these algorithms can be used for multiple fault diagnosis.

Industry 4.0 or the fourth industrial revolution encapsulates future industry development trends to achieve more intelligent manufacturing processes, including reliance on Cyber Physical Systems (CPS). The increase in online access and control given by the incorporation of CPSs introduces a new challenge securing the operations of the CPS in that they are not supported by standard security protocols. This paper describes a process used to effectively protect the operations of an IIoT system by implementing security protocols on the CPS within the IIoT. A series of predefined boundary conditions of the safety critical parameters for which a heating and cooling CPS can safely operate within were established. If the CPS is commended to operate outside of these boundaries, it will disconnect from all external communication network and default to some pre-defined safe-operation mode until the system has been evaluated locally by an administrator and released from the safe-mode. This method was tested and validated by establishing a sample IIoT and CPS testbed setup which monitor and control the temperature of a target environment. An attack was initiated to force the target environment outside of the determined safety-critical parameters. The system responded by disabling all network ports and defaulted to the safe-operation mode established previously.

As a multimedia security mechanism, CAPTCHAs are completely automated public turing test to tell computers and humans apart. Although cracking CAPTCHA has been explored for many years, it is still a challenging problem for real practice. In this demo, we present a text based CAPTCHA cracking system by using convolutional neural networks(CNN). To solve small sample problem, we propose to combine conditional deep convolutional generative adversarial networks(cDCGAN) and CNN, which makes a tremendous progress in accuracy. In addition, we also select multiple models with low pearson correlation coefficients for majority voting ensemble, which further improves the accuracy. The experimental results show that the system has great advantages and provides a new mean for cracking CAPTCHAs.

Cyber-physical systems (CPS) are interconnections of heterogeneous hardware and software components (e.g., sensors, actuators, physical systems/processes, computational nodes and controllers, and communication subsystems). Increasing network connectivity of CPS computational nodes facilitates maintenance and on-demand reprogrammability and reduces operator workload. However, such increasing connectivity also raises the potential for cyber-attacks that attempt unauthorized modifications of run-time parameters or control logic in the computational nodes to hamper process stability or performance. In this paper, we analyze the effectiveness of real-time monitoring using digital and analog side channels. While analog side channels might not typically provide sufficient granularity to observe each iteration of a periodic loop in the code in the CPS device, the temporal averaging inherent to side channel sensory modalities enables observation of persistent changes to the contents of a computational loop through their resulting effect on the level of activity of the device. Changes to code can be detected by observing readings from side channel sensors over a period of time. Experimental studies are performed on an ARM-based single board computer.