Biblio

Microgrids are a promising alternative to the traditional distribution systems due to their highly desirable features, such as, reliability, resiliency, and efficiency. This paper covers the design, simulation, and economic analysis of a theoretically designed modern, mixed-use commercial and residential building on a feeder in Charleston, SC, USA. The designed system is simulated in PSCAD/EMTDC. The system combines a natural gas CHP turbine and generator block set, solar photovoltaics (PV), and a battery energy storage system (BESS). It is planned to provide power through a DC lighting bus and an AC to several different commercial load profiles as well as 40 apartments of varying sizes. Additionally, a comprehensive economic analysis is completed with available or estimated pricing to prove the feasibility of such a project.

The analysis of large-scale software and finding security vulnerabilities while its evolving is difficult without using supplementary tools, because of the size and complexity of today's systems. However just by looking at a report, doesn't transmit the overall picture of the system in terms of security vulnerabilities and its evolution throughout the project lifecycle. Software visualization is a program comprehension technique used in the context of the present and explores large amounts of information precisely. For the analysis of security vulnerabilities of complex software systems, Secure Codecity with Evolution is an interactive 3D visualization tool that can be utilized. Its studies techniques and methods are used for graphically illustrating security aspects and the evolution of software. The Main goal of the proposed Framework defined as uplift, simplify, and clarify the mental representation that a software engineer has of a software system and its evolution in terms of its security. Static code was visualised based on a city metaphor, which represents classes as buildings and packages as districts of a city. Identified Vulnerabilities were represented in a different color according to the severity. To visualize a number of different aspects, A large variety of options were given. Users can evaluate the evolution of the security vulnerabilities of a system on several versions using Matrices provided which will help users go get an overall understanding about security vulnerabilities varies with different versions of software. This framework was implemented using SonarQube for software vulnerability detection and ThreeJs for implementing the City Metaphor. The evaluation results evidently show that our framework surpasses the existing tools in terms of accuracy, efficiency and usability.

Intrusion Detection Systems (IDS) are the systems that detect and block any potential threats (e.g. DDoS attacks) in the network. In this project, we explore the performance of several machine learning techniques when used as parts of an IDS. We experiment with the CICIDS2017 dataset, one of the biggest and most complete IDS datasets in terms of having a realistic background traffic and incorporating a variety of cyber attacks. The techniques we present are applicable to any IDS dataset and can be used as a basis for deploying a real time IDS in complex environments.

Inter-networked control systems make smart buildings increasingly efficient but can lead to severe operational disruptions and infrastructure damage. It is vital the security state of smart buildings is properly assessed so that thorough and cost effective risk management can be established. This paper uniquely reports on an actual risk assessment performed in 2018 on one of the world's most densely monitored, state-of-the-art, smart buildings. From our observations, we suggest that current practice may be inadequate due to a number of challenges and deficiencies, including the lack of a recognised smart building risk assessment methodology. As a result, the security posture of many smart buildings may not be as robust as their risk assessments suggest. Crucially, we highlight a number of key recommendations for a more comprehensive risk assessment process for smart buildings. As a whole, we believe this practical experience report will be of interest to a range of smart building stakeholders.

This paper describes our design and implementation of a covert channel over LoRa physical layer (PHY). LoRa adopts a unique modulation scheme (chirp spread spectrum (CSS)) to enable long range communication at low-power consumption. CSS uses the initial frequencies of LoRa chirps to differentiate LoRa symbols, while simply ignoring other RF parameters (e.g., amplitude and phase). Our study reveals that the LoRa physical layer leaves sufficient room to build a covert channel by embedding covert information with a modulation scheme orthogonal to CSS. To demonstrate the feasibility of building a covert channel, we implement CloakLoRa. CloakLoRa embeds covert information into a regular LoRa packet by modulating the amplitudes of LoRa chirps while keeping the frequency intact. As amplitude modulation is orthogonal to CSS, a regular LoRa node receives the LoRa packet as if no secret information is embedded into the packet. Such an embedding method is transparent to all security mechanisms at upper layers in current LoRaWAN. As such, an attacker can create an amplitude modulated covert channel over LoRa without being detected by current LoRaWAN security mechanism. We conduct comprehensive evaluations with COTS LoRa nodes and receive-only software defined radios and experiment results show that CloakLoRa can send covert information over 250m.

Trust is a fundamental factor in how users engage in interactions with Visual Analytics (VA) systems. While the importance of building trust to this end has been pointed out in research, the aspect that trust can also be misplaced is largely ignored in VA so far. This position paper addresses this aspect by putting trust calibration in focus – i.e., the process of aligning the user’s trust with the actual trustworthiness of the VA system. To this end, we present the trust continuum in the context of VA, dissect important trust issues in both VA systems and users, as well as discuss possible approaches that can build and calibrate trust.

This paper studies the physical layer security (PLS) of a vehicular network employing a reconfigurable intelligent surface (RIS). RIS technologies are emerging as an important paradigm for the realisation of smart radio environments, where large numbers of small, low-cost and passive elements, reflect the incident signal with an adjustable phase shift without requiring a dedicated energy source. Inspired by the promising potential of RIS-based transmission, we investigate two vehicular network system models: One with vehicle-to-vehicle communication with the source employing a RIS-based access point, and the other model in the form of a vehicular adhoc network (VANET), with a RIS-based relay deployed on a building. Both models assume the presence of an eavesdropper to investigate the average secrecy capacity of the considered systems. Monte-Carlo simulations are provided throughout to validate the results. The results show that performance of the system in terms of the secrecy capacity is affected by the location of the RIS-relay and the number of RIS cells. The effect of other system parameters such as source power and eavesdropper distances are also studied.

Given a selected complex orthogonal space-time block code (STBC), transformation algorithms are provided to build a set, S, of unique orthogonal STBCs with cardinality equal to \textbackslashtextbarS\textbackslashtextbar = 2r+c+k-1·r!·c!, where r, c, and k are the number of rows, columns, and data symbols in the STBC matrix, respectively. A communications link is discussed that encodes data symbols with a chosen STBC from the set known only to the transmitter and intended receiver as a means of providing physical layer security (PLS). Expected bit error rate (BER) and informationtheoretic results for an eavesdropper with a priori knowledge of the communications link parameters with the exception of the chosen STBC are presented. Monte Carlo simulations are provided to confirm the possible BER results expected when decoding the communications link with alternative STBCs from the set. Application of the transformation algorithms provided herein are shown to significantly increase the brute force decoding complexity of an eavesdropper compared to a related work in the literature.

In this article, we introduce the MACH-2K trust overlay network and its architecture. MACH-2K's objectives are to (a) enhance the resiliency of emergency response and public service networks and (b) help build such networks in places, or at times, where network infrastructure is limited. Resiliency may be enhanced in an economic manner by building new ad hoc networks of private mobile devices and joining these to public service networks at specific trusted points. The major barrier to building resiliency by using private devices is ensuring security. MACH-2K uses device location and communication utility patterns to assign trust to devices, after owner approval. After trust is established, message confidentiality, privacy, and integrity may be implemented by well-known cryptographic means. MACH-2K devices may be then requested to forward or consume different types of messages depending on their current level of trust and utility.

This article discusses existing approaches to building regional scale networks. Authors offer a mathematical model of network growth process, on the basis of which simulation is performed. The availability characteristic is used as criterion for measuring optimality. This report describes the mechanism for measuring network availability and contains propositions to make changes to the procedure for designing of regional networks, which can improve its qualitative characteristics. The efficiency of changes is confirmed by simulation.

Modern cloud applications can consist of hundreds of services with thousands of instances. In order to solve the problems of interservice interaction in this highly dynamic environment, an additional software infrastructure layer called service mesh is introduced. This layer provides a single point of interaction with the network for each service. Service mesh mechanisms are responsible for: load balancing, processing of network requests, service discovery, authentication, authorization, etc. However, the following questions arise: complex key management, fine-grained access control at the application level, confidentiality of data and many-to-many communications. It is possible to solve these problems with Attribute-based encryption (ABE) methods. This paper presents an abstract model of a service mesh and a protocol for interservice communications, which uses ABE for authorization and confidentiality of the messages.

GPS signals, the main origin of navigation, are not functional in indoor environments. Therefore, Wi-Fi access points have started to be increasingly used for localization and tracking inside the buildings by relying on fingerprint-based approach. However, with these types of approaches, several concerns regarding the privacy of the users have arisen. Malicious individuals can determine a clients daily habits and activities by simply analyzing their wireless signals. While there are already efforts to incorporate privacy to the existing fingerprint-based approaches, they are limited to the characteristics of the homo-morphic cryptographic schemes they employed. In this paper, we propose to enhance the performance of these approaches by exploiting another homomorphic algorithm, namely DGK, with its unique encrypted sorting capability and thus pushing most of the computations to the server side. We developed an Android app and tested our system within a Columbia University dormitory. Compared to existing systems, the results indicated that more power savings can be achieved at the client side and DGK can be a viable option with more powerful server computation capabilities.

Due to practical constraints in preventing phishing through public network or insecure communication channels, simple physical unclonable function (PDF)-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. In this paper, we present a PUF-based authentication method to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF designs or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device. The monolithic system makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time consuming upon device deployment. A genuine server can perform a mutual authentication with the device at any time with a combined fresh challenge contributed by both the server and the device. The message exchanged in clear does not expose the authentic CRPs. The false PUF multiplexing is fortified against prediction of waiting time by doubling the time penalty for every unsuccessful authentication.

Modern vehicles in Intelligent Transportation Systems (ITS) can communicate with each other as well as roadside infrastructure units (RSUs) in order to increase transportation efficiency and road safety. For example, there are techniques to alert drivers in advance about traffic incidents and to help them avoid congestion. Threats to these systems, on the other hand, can limit the benefits of these technologies. Securing ITS itself is an important concern in ITS design and implementation. In this paper, we provide a security model of ITS which extends the classic layered network security model with transportation security and information security, and gives a reference for designing ITS architectures. Based on this security model, we also present a classification of ITS threats for defense. Finally a proof-of-concept example with malicious nodes in an ITS system is also given to demonstrate the impact of attacks. We analyzed the threat of malicious nodes and their effects to commuters, like increasing toll fees, travel distances, and travel times etc. Experimental results from simulations based on Veins shows the threats will bring about 43.40% more total toll fees, 39.45% longer travel distances, and 63.10% more travel times.

In this research paper author surveys the need of data protection from intelligent systems in the private and public sectors. For this, she identifies that the Smart Information Security Intel processes needs to be the suggestive key policy for both sectors of governance either public or private. The information is very sensitive for any organization. When the government offices are concerned, information needs to be abstracted and encapsulated so that there is no information stealing. For this purposes, the art of skill set and new optimized technology needs to be stationed. Author identifies that digital bar-coded air port like security using conveyor belts and digital bar-coded conveyor boxes to scan switched ON articles like internet of things needs to be placed. As otherwise, there can potentially be data, articles or information stealing from the operational sites where access is unauthorized. Such activities shall need to be scrutinized, minutely. The biometric such as fingerprints, iris, voice and face recognition pattern updates in the virtual data tables must be taken to keep data entry-exit log up to-date. The information technicians of the sentinel systems must help catch the anomalies in the professional working time in private and public sectors if there is red flag as indicator. The author in this research paper shall discuss in detail what we shall station, how we shall station and what all measures we might need to undertake to safeguard the stealing of sensitive information from the organizations like administration buildings, government buildings, educational schools, hospitals, courts, private buildings, banks and all other offices nation-wide. The TO-BE new processes shall make the AS-IS office system more information secured, data protected and personnel security stronger.

Processing smart grid data for analytics purposes brings about a series of privacy-related risks. In order to allow for the most suitable mitigation strategies, reasonable privacy risks need to be addressed by taking into consideration the perspective of each smart grid stakeholder separately. In this context, we use the notion of privacy concerns to reflect potential privacy risks from the perspective of different smart grid stakeholders. Privacy concerns help to derive privacy goals, which we represent using the goals structuring notation. Thus represented goals can more comprehensibly be addressed through technical and non-technical strategies and solutions. The thread of argumentation - from concerns to goals to strategies and solutions - is presented in form of a privacy case, which is analogous to the safety case used in the automotive domain. We provide an exemplar privacy case for the smart grid developed as part of the Aspern Smart City Research project.

The United States and European Union have an increasing number of projects that are engaging end-use devices for improved grid capabilities. Areas such as building-to-grid and vehicle-to-grid are simple examples of these advanced capabilities. In this paper, we present an innovative concept study for a ship-to-grid integration. The goal of this study is to simulate a two-way power flow between ship(s) and the grid with GridLAB-D for the port of Kyllini in Greece, where a ship-to-shore interconnection was recently implemented. Extending this further, we explore: (a) the ability of ships to meet their load demand needs, while at berth, by being supplied with energy from the electric grid and thus powering off their diesel engines; and (b) the ability of ships to provide power to critical loads onshore. As a result, the ship-to-grid integration helps (a) mitigate environmental pollutants from the ships' diesel engines and (b) provide resilience to nearby communities during a power disruption due to natural disasters or man-made threats.

Video games normally use Artificial Intelligence techniques to improve Non-Player Character (NPC) behavior, creating a more realistic experience for their players. However, rational behavior in general does not consider social interactions between player and bots. Because of that, a new framework for NPCs was proposed, which uses a social bias to mix the default strategy of finding the best possible plays to win with a analysis to decide if other players should be categorized as allies or foes. Trust and reputation models were used together to implement this demeanor. In this paper we discuss an implementation of this framework inside the game Settlers of Catan. New NPC agents are created to this implementation. We also analyze the results obtained from simulations among agents and players to conclude how the use of trust and reputation in NPCs can create a better gaming experience.

The hybrid microgrid is attracting great attention in recent years as it combines the main advantages of the alternating current (AC) and direct current (DC) microgrids. It is one of the best candidates to support a net-zero energy community. Thus, this paper investigates and compares different hybrid AC/DC microgrid configurations that are suitable for a net-zero energy community. Four different configurations are compared with each other in terms of their impacts on the overall system reliability, expandability, load shedding requirements, power sharing issues, net-zero energy capability, number of the required interface converters, and the requirement of costly medium-voltage components. The results of the investigations indicate that the best results are achieved when each building is enabled to supply its critical loads using an independent AC microgrid that is interfaced to the DC microgrid through a dedicated interface converter.

In Cloud Manufacturing trust is an important, under investigated issue. This paper proceeds the noncommittal phase of the grounded theory method approach by investigating the trust topic in several research streams, defining the problem domain. This novel approach fills a research gap and can be treated as a snapshot and blueprint of research. Findings were accomplished by a structured literature review and are able to help future researchers in pursuing the integrative phase in Grounded Theory by building on the preliminary result of this paper.

Exploits based on ROP (Return-Oriented Programming) are increasingly present in advanced attack scenarios. Testing systems for ROP-based attacks can be valuable for improving the security and reliability of software. In this paper, we propose ROPMATE, the first Visual Analytics system specifically designed to assist human red team ROP exploit builders. In contrast, previous ROP tools typically require users to inspect a puzzle of hundreds or thousands of lines of textual information, making it a daunting task. ROPMATE presents builders with a clear interface of well-defined and semantically meaningful gadgets, i.e., fragments of code already present in the binary application that can be chained to form fully-functional exploits. The system supports incrementally building exploits by suggesting gadget candidates filtered according to constraints on preserved registers and accessed memory. Several visual aids are offered to identify suitable gadgets and assemble them into semantically correct chains. We report on a preliminary user study that shows how ROPMATE can assist users in building ROP chains.

Cloud storage backends such as Amazon S3 are a potential storage solution to enterprises. However, to couple enterprises with these backends, at least two problems must be solved: first, how to make these semi-trusted backends as secure as on-premises storage; and second, how to selectively retrieve files as easy as on-premises storage. A security proxy can address both the problems by building a local index from keywords in files before encrypting and uploading files to these backends. But, if the local index is built in plaintext, file content is still vulnerable to local malicious staff. Searchable Encryption (SE) can get rid of this vulnerability by making index into ciphertext; however, its known constructions often require modifications to index database, and, to support wildcard queries, they are not efficient at all. In this paper, we present a security proxy that, based on our wildcard SE construction, can securely and efficiently couple enterprises with these backends. In particular, since our SE construction can work directly with existing database systems, it incurs only a little overhead, and when needed, permits the security proxy to run with constantly small storage footprint by readily out-sourcing all built indices to existing cloud databases.

Trustworthiness is a paramount concern for users and customers in the selection of a software solution, specially in the context of complex and dynamic environments, such as Cloud and IoT. However, assessing and benchmarking trustworthiness (worthiness of software for being trusted) is a challenging task, mainly due to the variety of application scenarios (e.g., businesscritical, safety-critical), the large number of determinative quality attributes (e.g., security, performance), and last, but foremost, due to the subjective notion of trust and trustworthiness. In this paper, we present trustworthiness as a measurable notion in relative terms based on security attributes and propose an approach for the assessment and benchmarking of software. The main goal is to build a trustworthiness assessment model based on software metrics (e.g., Cyclomatic Complexity, CountLine, CBO) that can be used as indicators of software security. To demonstrate the proposed approach, we assessed and ranked several files and functions of the Mozilla Firefox project based on their trustworthiness score and conducted a survey among several software security experts in order to validate the obtained rank. Results show that our approach is able to provide a sound ranking of the benchmarked software.

The advent of smart grids offers us the opportunity to better manage the electricity grids. One of the most interesting challenges in the modern grids is the consumer demand management. Indeed, the development in Information and Communication Technologies (ICTs) encourages the development of demand-side management systems. In this paper, we propose a distributed energy demand scheduling approach that uses minimal interactions between consumers to optimize the energy demand. We formulate the consumption scheduling as a constrained optimization problem and use game theory to solve this problem. On one hand, the proposed approach aims to reduce the total energy cost of a building's consumers. This imposes the cooperation between all the consumers to achieve the collective goal. On the other hand, the privacy of each user must be protected, which means that our distributed approach must operate with a minimal information exchange. The performance evaluation shows that the proposed approach reduces the total energy cost, each consumer's individual cost, as well as the peak to average ratio.

Collaborative smart services provide functionalities which exploit data collected from different sources to provide benefits to a community of users. Such data, however, might be privacy sensitive and their disclosure has to be avoided. In this paper, we present a distributed multi-tier framework intended for smart-environment management, based on usage control for policy evaluation and enforcement on devices belonging to different collaborating entities. The proposed framework exploits secure multi-party computation to evaluate policy conditions without disclosing actual value of evaluated attributes, to preserve privacy. As reference example, a smart-grid use case is presented.