Visible to the public Biblio

Filters: Keyword is integrity  [Clear All Filters]
2023-07-13
Hao, Qiang, Xu, Dongdong, Zhang, Zhun, Wang, Jiqing, Le, Tong, Wang, Jiawei, Zhang, Jinlei, Liu, Jiakang, Ma, Jinhui, Wang, Xiang.  2022.  A Hardware-Assisted Security Monitoring Method for Jump Instruction and Jump Address in Embedded Systems. 2022 8th Annual International Conference on Network and Information Systems for Computers (ICNISC). :197–202.
With the development of embedded systems towards networking and intelligence, the security threats they face are becoming more difficult to prevent. Existing protection methods make it difficult to monitor jump instructions and their target addresses for tampering by attackers at the low hardware implementation overhead and performance overhead. In this paper, a hardware-assisted security monitoring module is designed to monitor the integrity of jump instructions and jump addresses when executing programs. The proposed method has been implemented on the Xilinx Kintex-7 FPGA platform. Experiments show that this method is able to effectively monitor tampering attacks on jump instructions as well as target addresses while the embedded system is executing programs.
2023-06-29
Bodapati, Nagaeswari, Pooja, N., Varshini, E. Amrutha, Jyothi, R. Naga Sravana.  2022.  Observations on the Theory of Digital Signatures and Cryptographic Hash Functions. 2022 4th International Conference on Smart Systems and Inventive Technology (ICSSIT). :1–5.
As the demand for effective information protection grows, security has become the primary concern in protecting such data from attackers. Cryptography is one of the methods for safeguarding such information. It is a method of storing and distributing data in a specific format that can only be read and processed by the intended recipient. It offers a variety of security services like integrity, authentication, confidentiality and non-repudiation, Malicious. Confidentiality service is required for preventing disclosure of information to unauthorized parties. In this paper, there are no ideal hash functions that dwell in digital signature concepts is proved.
2023-04-14
Alcaraz-Velasco, Francisco, Palomares, José M., Olivares, Joaquín.  2022.  Analysis of the random shuffling of message blocks as a low-cost integrity and security measure. 2022 17th Iberian Conference on Information Systems and Technologies (CISTI). :1–6.
Recently, a mechanism that randomly shuffles the data sent and allows securing the communication without the need to encrypt all the information has been proposed. This proposal is ideal for IoT systems with low computational capacity. In this work, we analyze the strength of this proposal from a brute-force attack approach to obtain the original message without knowledge of the applied disordering. It is demonstrated that for a set of 10x10 16-bit data, the processing time and the required memory are unfeasible with current technology. Therefore, it is safe.
ISSN: 2166-0727
2023-03-31
Vineela, A., Kasiviswanath, N., Bindu, C. Shoba.  2022.  Data Integrity Auditing Scheme for Preserving Security in Cloud based Big Data. 2022 6th International Conference on Intelligent Computing and Control Systems (ICICCS). :609–613.
Cloud computing has become an integral part of medical big data. The cloud has the capability to store the large data volumes has attracted more attention. The integrity and privacy of patient data are some of the issues that cloud-based medical big data should be addressed. This research work introduces data integrity auditing scheme for cloud-based medical big data. This will help minimize the risk of unauthorized access to the data. Multiple copies of the data are stored to ensure that it can be recovered quickly in case of damage. This scheme can also be used to enable doctors to easily track the changes in patients' conditions through a data block. The simulation results proved the effectiveness of the proposed scheme.
ISSN: 2768-5330
2023-02-17
Khan, Muhammad Maaz Ali, Ehabe, Enow Nkongho, Mailewa, Akalanka B..  2022.  Discovering the Need for Information Assurance to Assure the End Users: Methodologies and Best Practices. 2022 IEEE International Conference on Electro Information Technology (eIT). :131–138.

The use of software to support the information infrastructure that governments, critical infrastructure providers and businesses worldwide rely on for their daily operations and business processes is gradually becoming unavoidable. Commercial off-the shelf software is widely and increasingly used by these organizations to automate processes with information technology. That notwithstanding, cyber-attacks are becoming stealthier and more sophisticated, which has led to a complex and dynamic risk environment for IT-based operations which users are working to better understand and manage. This has made users become increasingly concerned about the integrity, security and reliability of commercial software. To meet up with these concerns and meet customer requirements, vendors have undertaken significant efforts to reduce vulnerabilities, improve resistance to attack and protect the integrity of the products they sell. These efforts are often referred to as “software assurance.” Software assurance is becoming very important for organizations critical to public safety and economic and national security. These users require a high level of confidence that commercial software is as secure as possible, something only achieved when software is created using best practices for secure software development. Therefore, in this paper, we explore the need for information assurance and its importance for both organizations and end users, methodologies and best practices for software security and information assurance, and we also conducted a survey to understand end users’ opinions on the methodologies researched in this paper and their impact.

ISSN: 2154-0373

2023-02-03
Muliono, Yohan, Darus, Mohamad Yusof, Pardomuan, Chrisando Ryan, Ariffin, Muhammad Azizi Mohd, Kurniawan, Aditya.  2022.  Predicting Confidentiality, Integrity, and Availability from SQL Injection Payload. 2022 International Conference on Information Management and Technology (ICIMTech). :600–605.
SQL Injection has been around as a harmful and prolific threat on web applications for more than 20 years, yet it still poses a huge threat to the World Wide Web. Rapidly evolving web technology has not eradicated this threat; In 2017 51 % of web application attacks are SQL injection attacks. Most conventional practices to prevent SQL injection attacks revolves around secure web and database programming and administration techniques. Despite developer ignorance, a large number of online applications remain susceptible to SQL injection attacks. There is a need for a more effective method to detect and prevent SQL Injection attacks. In this research, we offer a unique machine learning-based strategy for identifying potential SQL injection attack (SQL injection attack) threats. Application of the proposed method in a Security Information and Event Management(SIEM) system will be discussed. SIEM can aggregate and normalize event information from multiple sources, and detect malicious events from analysis of these information. The result of this work shows that a machine learning based SQL injection attack detector which uses SIEM approach possess high accuracy in detecting malicious SQL queries.
2023-01-13
Yuan, Wenyong, Wei, Lixian, Li, Zhengge, Ki, Ruifeng, Yang, Xiaoyuan.  2022.  ID-based Data Integrity Auditing Scheme from RSA with Forward Security. 2022 7th International Conference on Cloud Computing and Big Data Analytics (ICCCBDA). :192—197.

Cloud data integrity verification was an important means to ensure data security. We used public key infrastructure (PKI) to manage user keys in Traditional way, but there were problems of certificate verification and high cost of key management. In this paper, RSA signature was used to construct a new identity-based cloud audit protocol, which solved the previous problems caused by PKI and supported forward security, and reduced the loss caused by key exposure. Through security analysis, the design scheme could effectively resist forgery attack and support forward security.

2022-08-03
Gao, Hongxia, Yu, Zhenhua, Cong, Xuya, Wang, Jing.  2021.  Trustworthiness Evaluation of Smart Grids Using GSPN. 2021 IEEE International Conference on Networking, Sensing and Control (ICNSC). 1:1—7.
Smart grids are one of the most important applications of cyber-physical systems. They intelligently transmit energy to customers by information technology, and have replaced the traditional power grid and are widely used. However, smart grids are vulnerable to cyber-attacks. Once attacked, it will cause great losses and lose the trust of customers. Therefore, it is important to evaluate the trustworthiness of smart grids. In order to evaluate the trustworthiness of smart grids, this paper uses a generalized stochastic Petri net (GSPN) to model smart grids. Considering various security threats that smart grids may face, we propose a general GSPN model for smart grids, which evaluates trustworthiness from three metrics of reliability, availability, and integrity by analyzing steady-state and transient probabilities. Finally, we obtain the value of system trustworthiness and simulation results show that the feasibility and effectiveness of our model for smart grids trustworthiness.
2022-06-09
Ude, Okechukwu, Swar, Bobby.  2021.  Securing Remote Access Networks Using Malware Detection Tools for Industrial Control Systems. 2021 4th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS). :166–171.
With their role as an integral part of its infrastructure, Industrial Control Systems (ICS) are a vital part of every nation's industrial development drive. Despite several significant advancements - such as controlled-environment agriculture, automated train systems, and smart homes, achieved in critical infrastructure sectors through the integration of Information Systems (IS) and remote capabilities with ICS, the fact remains that these advancements have introduced vulnerabilities that were previously either nonexistent or negligible, one being Remote Access Trojans (RATs). Present RAT detection methods either focus on monitoring network traffic or studying event logs on host systems. This research's objective is the detection of RATs by comparing actual utilized system capacity to reported utilized system capacity. To achieve the research objective, open-source RAT detection methods were identified and analyzed, a GAP-analysis approach was used to identify the deficiencies of each method, after which control algorithms were developed into source code for the solution.
2022-05-06
Vamshi, A, Rao, Gudeme Jaya, Pasupuleti, Syam Kumar, Eswari, R.  2021.  EPF-CLPA: An Efficient Pairing-Free Certificateless Public Auditing for Cloud-based CPS. 2021 5th International Conference on Intelligent Computing and Control Systems (ICICCS). :48–54.
Cloud based cyber physical system (CPS) enables individuals to store and share data collected from both cyberspace and the physical world. This leads to the proliferation of massive data at a user's local site. Since local storage systems can't store and maintain huge data, it is a wise and practical way to outsource such huge data to the cloud. Cloud storage provides scalable storage space to manage data economically and flexibly. However, the integrity of outsourced data is a critical challenge because user's lose control of their data once it's transferred to cloud servers. Several auditing schemes have been put forward based on public key infrastructure (PKI) or identity-based cryptography to verify data integrity. However, “the PKI-based schemes suffer from certificate management problem and identity-based schemes face the key escrow” problem. Therefore, to address these problems, certificateless public auditing schemes have been introduced on the basis of bilinear pairing, which incur high computation overhead, and thus it is not suitable for CPS. To reduce the computation overhead, in this paper, Using elliptic curve cryptography, we propose an efficient pairing-free certificateless public auditing scheme for cloud-based CPS. The proposed scheme is more secure against type I/II/III adversaries and efficient compared to other certificateless based schemes.
Kumar, Anuj.  2021.  Data Security and Privacy using DNA Cryptography and AES Method in Cloud Computing. 2021 Fifth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :1529—1535.
Cloud computing has changed how humans use their technological expertise. It indicates a transition in the use of computers as utilitarian instruments with radical applications in general. However, as technology advances, the number of hazards increases and crucial data protection has become increasingly challenging due to extensive internet use. Every day, new encryption methods are developed, and much research is carried out in the search for a reliable cryptographic algorithm. The AES algorithm employs an overly simplistic algebraic structure. Each block employs the same encryption scheme, and AES is subject to brute force and MITM attacks. AES have not provide d sufficient levels of security; the re is still a need to put further le vels of protection over them. In this regard, DNA cryptography allows you to encrypt a large quantity of data using only a few amount of DNA. This paper combines two methodologies, a DNA-based algorithm and the AES Algorithm, to provide a consi derably more secure data security platform. The DNA cryptography technology and the AES approach are utilized for data encryption and decryption. To improve cloud security, DNA cryptography and AES provide a technologically ideal option.
2022-04-01
Pokharana, Anchal, Sharma, Samiksha.  2021.  Encryption, File Splitting and File compression Techniques for Data Security in virtualized environment. 2021 Third International Conference on Inventive Research in Computing Applications (ICIRCA). :480—485.
Nowadays cloud computing has become the crucial part of IT and most important thing is information security in cloud environment. Range of users can access the facilities and use cloud according to their feasibility. Cloud computing is utilized as safe storage of information but still data security is the biggest concern, for example, secrecy, data accessibility, data integrity is considerable factor for cloud storage. Cloud service providers provide the facility to clients that they can store the data on cloud remotely and access whenever required. Due to this facility, it gets necessary to shield or cover information from unapproved access, hackers or any sort of alteration and malevolent conduct. It is inexpensive approach to store the valuable information and doesn't require any hardware and software to hold the data. it gives excellent work experience but main measure is just security. In this work security strategies have been proposed for cloud data protection, capable to overpower the shortcomings of conventional data protection algorithms and enhancing security using steganography algorithm, encryption decryption techniques, compression and file splitting technique. These techniques are utilized for effective results in data protection, Client can easily access our developed desktop application and share the information in an effective and secured way.
2022-03-15
Rawal, Bharat S., Gollapudi, Sai Tarun.  2021.  No-Sum IPsec Lite: Simplified and lightweight Internet security protocol for IoT devices. 2021 8th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2021 7th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :4—9.
IPsec is widely used for internet security because it offers confidentiality, integrity, and authenticity also protects from replay attacks. IP Security depends on numerous frameworks, organization propels, and cryptographic techniques. IPsec is a heavyweight complex security protocol suite. Because of complex architecture and implementation processes, security implementers prefer TLS. Because of complex implementation, it is impractical to manage over the IoT devices. We propose a simplified and lite version of internet security protocol implemented with only ESP. For encryption, we use AES, RAS-RLP public key cryptography.
2022-03-14
Romero Goyzueta, Christian Augusto, Cruz De La Cruz, Jose Emmanuel, Cahuana, Cristian Delgado.  2021.  VPNoT: End to End Encrypted Tunnel Based on OpenVPN and Raspberry Pi for IoT Security. 2021 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME). :1–5.
Internet of Things (IoT) devices use different types of media and protocols to communicate to Internet, but security is compromised since the devices are not using encryption, authentication and integrity. Virtual Private Network of Things (VPNoT) is a new technology designed to create end to end encrypted tunnels for IoT devices, in this case, the VPNoT device is based on OpenVPN that provides confidentiality and integrity, also based on Raspberry Pi as the hardware and Linux as the operating system, both provide connectivity using different types of media to access Internet and network management. IoT devices and sensors can be connected to the VPNoT device so an encrypted tunnel is created to an IoT Server. VPNoT device uses a profile generated by the server, then all devices form a virtual private network (VPN). VPNoT device can act like a router when necessary and this environment works for IPv6 and IPv4 with a great advantage that OpenVPN traverses NAT permitting private IoT servers be accessible to the VPN. The annual cost of the improvement is about \$455 USD per year for 10 VPNoT devices.
2022-02-25
Wittek, Kevin, Wittek, Neslihan, Lawton, James, Dohndorf, Iryna, Weinert, Alexander, Ionita, Andrei.  2021.  A Blockchain-Based Approach to Provenance and Reproducibility in Research Workflows. 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). :1–6.
The traditional Proof of Existence blockchain service on the Bitcoin network can be used to verify the existence of any research data at a specific point of time, and to validate the data integrity, without revealing its content. Several variants of the blockchain service exist to certify the existence of data relying on cryptographic fingerprinting, thus enabling an efficient verification of the authenticity of such certifications. However, nowadays research data is continuously changing and being modified through different processing steps in most scientific research workflows such that certifications of individual data objects seem to be constantly outdated in this setting. This paper describes how the blockchain and distributed ledger technology can be used to form a new certification model, that captures the research process as a whole in a more meaningful way, including the description of the used data through its different stages and the associated computational pipeline, code for analysis and the experimental design. The scientific blockchain infrastructure bloxberg, together with a deep learning based analysis from the behavioral science field are used to show the applicability of the approach.
2022-02-08
Hamdi, Mustafa Maad, Yussen, Yuser Anas, Mustafa, Ahmed Shamil.  2021.  Integrity and Authentications for service security in vehicular ad hoc networks (VANETs): A Review. 2021 3rd International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA). :1–7.
A main type of Mobile Ad hoc Networks (MANET) and essential infrastructure to provide a wide range of safety applications to passengers in vehicles (VANET) are established. VANETs are more popular today as they connect to a variety of invisible services. VANET protection is crucial as its potential use must not endanger the safety and privacy of its users. The safety of these VANETs is essential to safe and efficient safety systems and facilities and uncertainty continues and research in this field continues to grow rapidly. We will explain the characteristics and problems of VANETs in this paper. Also, all threats and attacks that affect integrity and authentication in VANETs will be defined. Description of researchers' work was consequently addressed as the table with the problems of the suggested method and objective.
2021-02-08
Jain, S., Sharma, S., Chandavarkar, B. R..  2020.  Mitigating Man-in-the-Middle Attack in Digital Signature. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–5.
We all are living in the digital era, where the maximum of the information is available online. The digital world has made the transfer of information easy and provides the basic needs of security like authentication, integrity, nonrepudiation, etc. But, with the improvement in security, cyber-attacks have also increased. Security researchers have provided many techniques to prevent these cyber-attacks; one is a Digital Signature (DS). The digital signature uses cryptographic key pairs (public and private) to provide the message's integrity and verify the sender's identity. The private key used in the digital signature is confidential; if attackers find it by using various techniques, then this can result in an attack. This paper presents a brief introduction about the digital signature and how it is vulnerable to a man-in-the-middle attack. Further, it discusses a technique to prevent this attack in the digital signature.
2020-12-17
Promyslov, V., Semenkov, K..  2020.  Security Threats for Autonomous and Remotely Controlled Vehicles in Smart City. 2020 International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM). :1—5.

The paper presents a comprehensive model of cybersecurity threats for a system of autonomous and remotely controlled vehicles (AV) in the environment of a smart city. The main focus in the security context is given to the “integrity” property. That property is of higher importance for industrial control systems in comparison with other security properties (availability and confidentiality). The security graph, which is part of the model, is dynamic, and, in real cases, its analysis may require significant computing resources for AV systems with a large number of assets and connections. The simplified example of the security graph for the AV system is presented.

2020-04-20
Zaw, Than Myo, Thant, Min, Bezzateev, S. V..  2019.  Database Security with AES Encryption, Elliptic Curve Encryption and Signature. 2019 Wave Electronics and its Application in Information and Telecommunication Systems (WECONF). :1–6.

A database is an organized collection of data. Though a number of techniques, such as encryption and electronic signatures, are currently available for the protection of data when transmitted across sites. Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks. In this paper, we create 6 types of method for more secure ways to store and retrieve database information that is both convenient and efficient. Confidentiality, integrity, and availability, also known as the CIA triad, is a model designed to guide policies for information security within the database. There are many cryptography techniques available among them, ECC is one of the most powerful techniques. A user wants to the data stores or request, the user needs to authenticate. When a user who is authenticated, he will get key from a key generator and then he must be data encrypt or decrypt within the database. Every keys store in a key generator and retrieve from the key generator. We use 256 bits of AES encryption for rows level encryption, columns level encryption, and elements level encryption for the database. Next two method is encrypted AES 256 bits random key by using 521 bits of ECC encryption and signature for rows level encryption and column level encryption. Last method is most secure method in this paper, which method is element level encryption with AES and ECC encryption for confidentiality and ECC signature use for every element within the database for integrity. As well as encrypting data at rest, it's also important to ensure confidential data are encrypted in motion over our network to protect against database signature security. The advantages of elements level are difficult for attack because the attacker gets a key that is lose only one element. The disadvantages need to thousands or millions of keys to manage.

2020-04-17
Mueller, Tobias, Klotzsche, Daniel, Herrmann, Dominik, Federrath, Hannes.  2019.  Dangers and Prevalence of Unprotected Web Fonts. 2019 International Conference on Software, Telecommunications and Computer Networks (SoftCOM). :1—5.

Most Web sites rely on resources hosted by third parties such as CDNs. Third parties may be compromised or coerced into misbehaving, e.g. delivering a malicious script or stylesheet. Unexpected changes to resources hosted by third parties can be detected with the Subresource Integrity (SRI) mechanism. The focus of SRI is on scripts and stylesheets. Web fonts cannot be secured with that mechanism under all circumstances. The first contribution of this paper is to evaluates the potential for attacks using malicious fonts. With an instrumented browser we find that (1) more than 95% of the top 50,000 Web sites of the Tranco top list rely on resources hosted by third parties and that (2) only a small fraction employs SRI. Moreover, we find that more than 60% of the sites in our sample use fonts hosted by third parties, most of which are being served by Google. The second contribution of the paper is a proof of concept of a malicious font as well as a tool for automatically generating such a font, which targets security-conscious users who are used to verifying cryptographic fingerprints. Software vendors publish such fingerprints along with their software packages to allow users to verify their integrity. Due to incomplete SRI support for Web fonts, a third party could force a browser to load our malicious font. The font targets a particular cryptographic fingerprint and renders it as a desired different fingerprint. This allows attackers to fool users into believing that they download a genuine software package although they are actually downloading a maliciously modified version. Finally, we propose countermeasures that could be deployed to protect the integrity of Web fonts.

2020-03-09
Patil, Jagruti M., Chaudhari, Sangita S..  2019.  Efficient Privacy Preserving and Dynamic Public Auditing for Storage Cloud. 2019 International Conference on Nascent Technologies in Engineering (ICNTE). :1–6.
In recent years, cloud computing has gained lots of importance and is being used in almost all applications in terms of various services. One of the most widely used service is storage as a service. Even though the stored data can be accessed from anytime and at any place, security of such data remains a prime concern of storage server as well as data owner. It may possible that the stored data can be altered or deleted. Therefore, it is essential to verify the correctness of data (auditing) and an agent termed as Third Party Auditor (TPA) can be utilised to do so. Existing auditing approaches have their own strengths and weakness. Hence, it is essential to propose auditing scheme which eliminates limitations of existing auditing mechanisms. Here we are proposing public auditing scheme which supports data dynamics as well as preserves privacy. Data owner, TPA, and cloud server are integral part of any auditing mechanism. Data in the form of various blocks are encoded, hashed, concatenated and then signature is calculated on it. This scheme also supports data dynamics in terms of addition, modification and deletion of data. TPA reads encoded data from cloud server and perform hashing, merging and signature calculation for checking correctness of data. In this paper, we have proposed efficient privacy preserving and dynamic public auditing by utilizing Merkle Hash Tree (MHT) for indexing of encoded data. It allows updating of data dynamically while preserving data integrity. It supports data dynamics operations like insert, modify and deletion. Several users can request for storage correctness simultaneously and it will be efficiently handled in the proposed scheme. It also minimizes the communication and computing cost. The proposed auditing scheme is experimented and results are evaluated considering various block size and file size parameters.
2020-02-24
Anand, Shajina, Raja, Gunasekaran, Anand, Gokul, Chauhdary, Sajjad Hussain, Bashir, Ali Kashif.  2019.  Mirage: A Protocol for Decentralized and Secured Communication of IoT Devices. 2019 IEEE 10th Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON). :1074–1080.
Internet of Things (IoT) is rapidly emerging as the manifestation of the networked society vision. But its centralized architecture will lead to a single point of failure. On the other hand, it will be difficult to handle communications in the near future considering the rapid growth of IoT devices. Along with its popularity, IoT suffers from a lot of vulnerabilities, which IoT developers are constantly working to mitigate. This paper proposes a new protocol called Mirage which can be used for secure and decentralized communication of IoT devices. This protocol is built based on security principles. Out of which Mirage mainly focuses on authentication, integrity, and non-repudiation. In this protocol, devices are authenticated via secret keys known only to the parties involved in the communication. These secret keys are not static and will be constantly changing for every communication. For ensuring integrity, an intermediary is asked to exchange the hash of the messages. As the intermediary nodes are lending their computing and networking powers, they should be rewarded. To ensure non-repudiation, instead of going for trusted third parties, blockchain technology is used. Every node in the network needs to spend a mirage token for sending a message. Mirage tokens will be provided only to those nodes, who help in exchanging the hashes as a reward. In the end, a decentralized network of IoT devices is formed where every node contribute to the security of the network.
2020-01-21
Harttung, Julian, Franz, Elke, Moriam, Sadia, Walther, Paul.  2019.  Lightweight Authenticated Encryption for Network-on-Chip Communications. Proceedings of the 2019 on Great Lakes Symposium on VLSI. :33–38.
In recent years, Network-on-Chip (NoC) has gained increasing popularity as a promising solution for the challenging interconnection problem in multi-processor systems-on-chip (MPSoCs). However, the interest of adversaries to compromise such systems grew accordingly, mandating the integration of security measures into NoC designs. Within this paper, we introduce three novel lightweight approaches for securing communication in NoCs. The suggested solutions combine encryption, authentication, and network coding in order to ensure confidentiality, integrity, and robustness. With performance being critical in NoC environments, our solutions particularly emphasize low latencies and low chip area. Our approaches were evaluated through extensive software simulations. The results have shown that the performance degradation induced by the protection measures is clearly outweighed by the aforementioned benefits. Furthermore, the area overhead implied by the additional components is reasonably low.
2020-01-07
Hammami, Hamza, Brahmi, Hanen, Ben Yahia, Sadok.  2018.  Secured Outsourcing towards a Cloud Computing Environment Based on DNA Cryptography. 2018 International Conference on Information Networking (ICOIN). :31-36.

Cloud computing denotes an IT infrastructure where data and software are stored and processed remotely in a data center of a cloud provider, which are accessible via an Internet service. This new paradigm is increasingly reaching the ears of companies and has revolutionized the marketplace of today owing to several factors, in particular its cost-effective architectures covering transmission, storage and intensive data computing. However, like any new technology, the cloud computing technology brings new problems of security, which represents the main restrain on turning to this paradigm. For this reason, users are reluctant to resort to the cloud because of security and protection of private data as well as lack of trust in cloud service providers. The work in this paper allows the readers to familiarize themselves with the field of security in the cloud computing paradigm while suggesting our contribution in this context. The security schema we propose allowing a distant user to ensure a completely secure migration of all their data anywhere in the cloud through DNA cryptography. Carried out experiments showed that our security solution outperforms its competitors in terms of integrity and confidentiality of data.

2019-12-18
Alperovitch, Dmitri.  2011.  Towards establishment of cyberspace deterrence strategy. 2011 3rd International Conference on Cyber Conflict. :1–8.
The question of whether strategic deterrence in cyberspace is achievable given the challenges of detection, attribution and credible retaliation is a topic of contention among military and civilian defense strategists. This paper examines the traditional strategic deterrence theory and its application to deterrence in cyberspace (the newly defined 5th battlespace domain, following land, air, sea and space domains), which is being used increasingly by nation-states and their proxies to achieve information dominance and to gain tactical and strategic economic and military advantage. It presents a taxonomy of cyberattacks that identifies which types of threats in the confidentiality, integrity, availability cybersecurity model triad present the greatest risk to nation-state economic and military security, including their political and social facets. The argument is presented that attacks on confidentiality cannot be subject to deterrence in the current international legal framework and that the focus of strategy needs to be applied to integrity and availability attacks. A potential cyberdeterrence strategy is put forth that can enhance national security against devastating cyberattacks through a credible declaratory retaliation capability that establishes red lines which may trigger a counter-strike against all identifiable responsible parties. The author believes such strategy can credibly influence nation-state threat actors who themselves exhibit serious vulnerabilities to cyber attacks from launching a devastating cyber first strike.