Biblio

Security and Privacy challenges are the most obstacles for the advancement of cloud computing and the erosion of trust boundaries already happening in organizations is amplified and accelerated by this emerging technology. Policy Management Frameworks are the most proper solutions to create dedicated security levels based on the sensitivity of resources and according to the mapping process between requirements cloud customers and capabilities of service providers. The most concerning issue in these frameworks is the rate of perfect matches between capabilities and requirements. In this paper, a reliable ring analysis engine has been introduced to efficiently map the security requirements of cloud customers to the capabilities of service provider and to enhance the rate of perfect matches between them for establishment of different security levels in clouds. In the suggested model a structural index has been introduced to receive the requirement and efficiently map them to the most proper security mechanism of the service provider. Our results show that this index-based engine enhances the rate of perfect matches considerably and decreases the detected conflicts in syntactic and semantic analysis.

Modern computing devices use classical algorithms such as Rivest Shamir Adleman (RSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) for their security. The securities of these algorithms relied on the problem and difficulty of integer factorization and also calculating the Discrete Logarithm Problems. With the introduction of quantum computers, recent research is focusing on developing alternative algorithms which are supposed to withstand attacks from quantum computers. One of such alternatives is the Hash-based Digital Signature Schemes. Chosen hash-based signature schemes over classical algorithms is because their security is on the hash function used and that they are metaheuristic in nature. This research work presents basic analysis and the background understanding of Stateful Hash-based Signature Schemes, particularly the Lamport One-Time Signature Scheme, Winternitz One-Time Signature Scheme, and the Merkle Signature Scheme. The three schemes selected are stateful, hence has common features and are few-time hash-based signature schemes. The selected Stateful Hash-based Digital Signature Schemes were analyzed based on their respective key generation, signature generation, signature verification, and their security levels. Practical working examples were given for better understanding. With the analyses, Merkle Signature Scheme proves to be the best candidate to be used in the Bitcoin Proof of Work protocol because of its security and its advantage of signing many messages.

The future fifth-generation (5G) mobile communications system has already become a focus around the world. A large number of late-model services and applications including high definition visual communication, internet of vehicles, multimedia interaction, mobile industry automation, and etc, will be added to 5G network platform in the future. Different application services have different security requirements. However, the current user authentication for services and applications: Extensible Authentication Protocol (EAP) suggested by the 3GPP committee, is only a unitary authentication model, which is unable to meet the diversified security requirements of differentiated services. In this paper, we present a new diversified identity management as well as a flexible and composable three-factor authentication mechanism for different applications in 5G multi-service systems. The proposed scheme can provide four identity authentication methods for different security levels by easily splitting or assembling the proposed three-factor authentication mechanism. Without a design of several different authentication protocols, our proposed scheme can improve the efficiency, service of quality and reduce the complexity of the entire 5G multi-service system. Performance analysis results show that our proposed scheme can ensure the security with ideal efficiency.

Cybersecurity assurance plays an important role in managing trust in smart grid communication systems. In this paper, cybersecurity assurance controls for smart grid communication networks and devices are delineated from the more technical functional controls to provide insights on recent innovative risk-based approaches to cybersecurity assurance in smart grid systems. The cybersecurity assurance control baselining presented in this paper is based on requirements and guidelines of the new family of IEC 62443 standards on network and systems security of industrial automation and control systems. The paper illustrates how key cybersecurity control baselining and tailoring concepts of the U.S. NIST SP 800-53 can be adopted in smart grid security architecture. The paper outlines the application of IEC 62443 standards-based security zoning and assignment of security levels to the zones in smart grid system architectures. To manage trust in the smart grid system architecture, cybersecurity assurance base lining concepts are applied per security impact levels. Selection and justification of security assurance controls presented in the paper is utilizing the approach common in Security Technical Implementation Guides (STIGs) of the U.S. Defense Information Systems Agency. As shown in the paper, enhanced granularity for managing trust both on the overall system and subsystem levels of smart grid systems can be achieved by implementation of the instructions of the CNSSI 1253 of the U.S. Committee of National Security Systems on security categorization and control selection for national security systems.

Quantifying vulnerability and security levels for smart grid diversified link of networks have been a challenging task for a long period of time. Security experts and network administrators used to act based on their proficiencies and practices to mitigate network attacks rather than objective metrics and models. This paper uses the Markov Chain Model [1] to evaluate quantitatively the vulnerabilities associated to the 802.11 Wi-Fi network in a smart grid. Administrator can now assess the level of severity of potential attacks based on determining the probability density of the successive states and thus, providing the corresponding security measures. This model is based on the observed vulnerabilities provided by the Common Vulnerabilities and Exposures (CVE) database explored by MITRE [2] to calculate the Markov processes (states) transitions probabilities and thus, deducing the vulnerability level of the entire attack paths in an attack graph. Cumulative probabilities referring to high vulnerability level in a specific attack path will lead the system administrator to apply appropriate security measures a priori to potential attacks occurrence.

In several critical military missions, more than one decision level are involved. These decision levels are often independent and distributed, and sensitive pieces of information making up the military mission must be kept hidden from one level to another even if all of the decision levels cooperate to accomplish the same task. Usually, a mission is negotiated through insecure networks such as the Internet using cryptographic protocols. In such protocols, few security properties have to be ensured. However, designing a secure cryptographic protocol that ensures several properties at once is a very challenging task. In this paper, we propose a new secure protocol for multipart military missions that involve two independent and distributed decision levels having different security levels. We show that it ensures the secrecy, authentication, and non-repudiation properties. In addition, we show that it resists against man-in-the-middle attacks.