Biblio
Internet of Vehicle (IoV) is an essential part of the Intelligent Transportation system (ITS) which is growing exponentially in the automotive industry domain. The term IoV is used in this paper for Internet of Vehicles. IoV is conceptualized for sharing traffic, safety and several other vehicle-related information between vehicles and end user. In recent years, the number of connected vehicles has increased allover the world. Having information sharing and connectivity as its advantage, IoV also faces the challenging task in the cybersecurity-related matters. The future consists of crowded places in an interconnected world through wearable's, sensors, smart phones etc. We are converging towards IoV technology and interactions with crowded space of connected peoples. However, this convergence demands high-security mechanism from the connected crowd as-well-as other connected vehicles to safeguard of proposed IoV system. In this paper, we coin the term of smart people crowd (SPC) and the smart vehicular crowd (SVC) for the Internet of Vehicles (IoV). These specific crowds of SPC and SVC are the potential cyber attackers of the smart IoV. People connected to the internet in the crowded place are known as a smart crowd. They have interfacing devices with sensors and the environment. A smart crowd would also consist of the random number of smart vehicles. With the future converging in to the smart connected framework for crowds, vehicles and connected vehicles, we present a novel cyber-physical surveillance system (CPSS) framework to tackle the security threats in the crowded environment for the smart automotive industry and provide the cyber security mechanism in the crowded places. We also describe an overview of use cases and their security challenges on the Internet of Vehicles.
With the construction and implementation of the government information resources sharing mechanism, the protection of citizens' privacy has become a vital issue for government departments and the public. This paper discusses the risk of citizens' privacy disclosure related to data sharing among government departments, and analyzes the current major privacy protection models for data sharing. Aiming at the issues of low efficiency and low reliability in existing e-government applications, a statistical data sharing framework among governmental departments based on local differential privacy and blockchain is established, and its applicability and advantages are illustrated through example analysis. The characteristics of the private blockchain enhance the security, credibility and responsiveness of information sharing between departments. Local differential privacy provides better usability and security for sharing statistics. It not only keeps statistics available, but also protects the privacy of citizens.
Modern operating systems for personal computers (including Linux, MAC, and Windows) provide user-level APIs for an application to access the I/O paths of another application. This design facilitates information sharing between applications, enabling applications such as screenshots. However, it also enables user-level malware to log a user's keystrokes or scrape a user's screen output. In this work, we explore a design called SwitchMan to protect a user's I/O paths against user-level malware attacks. SwitchMan assigns each user with two accounts: a regular one for normal operations and a protected one for inputting and outputting sensitive data. Each user account runs under a separate virtual terminal. Malware running under a user's regular account cannot access sensitive input/output under a user's protected account. At the heart of SwitchMan lies a secure protocol that enables automatic account switching when an application requires sensitive input/output from a user. Our performance evaluation shows that SwitchMan adds acceptable performance overhead. Our security and usability analysis suggests that SwitchMan achieves a better tradeoff between security and usability than existing solutions.
Today's malware often relies on DNS to enable communication with command-and-control (C&C). As defenses that block C&C traffic improve, malware use sophisticated techniques to hide this traffic, including "fast flux" names and Domain-Generation Algorithms (DGAs). Detecting this kind of activity requires analysis of DNS queries in network traffic, yet these signals are sparse. As bot countermeasures grow in sophistication, detecting these signals increasingly requires the synthesis of information from multiple sites. Yet sharing security information across organizational boundaries to date has been infrequent and ad hoc because of unknown risks and uncertain benefits. In this paper, we take steps towards formalizing cross-site information sharing and quantifying the benefits of data sharing. We use a case study on DGA-based botnet detection to evaluate how sharing cybersecurity data can improve detection sensitivity and allow the discovery of malicious activity with greater precision.
Healthcare Internet of Things (HIoT) is transforming healthcare industry by providing large scale connectivity for medical devices, patients, physicians, clinical and nursing staff who use them and facilitate real-time monitoring based on the information gathered from the connected things. Heterogeneity and vastness of this network provide both opportunity and challenges for information collection and sharing. Patient-centric information such as health status and medical devices used by them must be protected to respect their safety and privacy, while healthcare knowledge should be shared in confidence by experts for healthcare innovation and timely treatment of patients. In this paper an overview of HIoT is given, emphasizing its characteristics to those of Big Data, and a security and privacy architecture is proposed for it. Context-sensitive role-based access control scheme is discussed to ensure that HIoT is reliable, provides data privacy, and achieves regulatory compliance.