Biblio

Named Data Networking (NDN) has been viewed as a promising future Internet architecture. It requires a new access control scheme to prevent the injection of unauthorized data request. In this paper, an access control supported by information service entity (ACISE) is proposed for NDN networks. A trust entity, named the information service entity (ISE), is deployed in each domain for the registration of the consumer and the edge router. The identity-based cryptography (IBC) is used to generate a private key for the authorized consumer at the ISE and to calculate a signature encapsulated in the Interest packet at the consumer. Therefore, the edge router could support the access control by the signature verification of the Interest packets so that no Interest packet from unauthorized consumer could be forwarded or replied. Moreover, shared keys are negotiated between authorized consumers and their edge routers. The subsequent Interest packets would be verified by the message authentication code (MAC) instead of the signature. The simulation results have shown that the ACISE scheme would achieve a similar response delay to the original NDN scheme when the NDN is under no attacks. However, the ACISE scheme is immune to the cache pollution attacks so that it could maintain a much smaller response delay compared to the other schemes when the NDN network is under the attacks.

The Industrial Internet expands the attack surface of industrial control systems(ICS), bringing cybersecurity threats to industrial controllers located in operation technology(OT) networks. Honeypot technology is an important means to detect network attacks. However, the existing honeypot system cannot simulate business logic and is difficult to resist highly concealed APT attacks. This paper proposes a high-simulation ICS security defense framework based on virtualization technology. The framework utilizes virtualization technology to build twins for protected control systems. The architecture can infer the execution results of control instructions in advance based on actual production data, so as to discover hidden attack behaviors in time. This paper designs and implements a prototype system and demonstrates the effectiveness and potential of this architecture for ICS security.

Information privacy and security has become a necessity in the rapid growth of computer technology. A new algorithm for image encryption is proposed in this paper; using hash functions, chaotic map and two levels of diffusion process. The initialization key for chaos map is generated with the help of two hash functions. The initial seed for these hash functions is the sum of rows, columns and pixels across the diagonal of the plain image. Firstly, the image is scrambled using quantization unit. In the first level of diffusion process, the pixel values of the scrambled image are XOR with the normalized chaotic map. Odd pixel value is XOR with an even bit of chaotic map and even pixel is XOR with an odd bit of chaotic map. To achieve strong encryption, the image undergoes a second level of diffusion process where it is XOR with the map a finite number of times. After every round, the pixel array is circular shifted three times to achieve a strong encrypted image. The experimental and comparative analysis done with state of the art techniques on the proposed image encryption algorithm shows that it is strong enough to resist statistical and differential attacks present in the communication channel.

The use of image data in multimedia communication based applications like military applications and medical images security applications are increasing every day and the secrecy of the image data is extremely important for such applications. A number of methods and techniques for securely transmitting images are proposed in the literature based on image encryption and steganography approaches. A novel mechanism for transmitting color images securely is proposed in this paper mainly based on public key cryptography mechanism also by combining the advantage of simplicity of symmetric schemes. The technique combines the strengths of Elliptic Curve Cryptography and the classical symmetric cryptographic mechanism called Hill Cipher encryption method. The technique also includes the concept of Magic Square for jumbling the pixels yielding maximum diffusion in the image pixels. In the performance evaluation, the proposed method proved that the new system works pretty well. The method is proved to be effective in maintaining the confidentiality of the image in transit and also for resisting security attacks.

Redactable blockchain allows modifiers or voting committees with modification privileges to edit the data on the chain. Among them, trapdoor holders in chameleon-based hash redactable blockchains can quickly compute hash collisions for arbitrary data without breaking the link of the hash-chain. However, chameleon-based hash redactable blockchain schemes have difficulty solving issues such as editing operations with different granularity or conflicts and auditing modifiers that abuse editing privileges. To address the above challenges, we propose a redactable blockchain with Cross-audit and Diversity Editing (CDEdit). The proposed scheme distributes subdivided transaction-level and block-level tokens to the matching modifier committee to weaken the influence of central power. A number of modifiers are unpredictably selected based on reputation value proportions and the mapping of the consistent hash ring to enable diversity editing operations, and resist Sybil attacks. Meanwhile, an adaptive cross-auditing protocol is proposed to adjust the roles of modifiers and auditors dynamically. This protocol imposes a reputation penalty on the modifiers of illegal edits and solves the problems of abuse of editing privileges and collusion attacks. In addition, We used ciphertext policy attribute-based encryption (CP-ABE) and chameleon hashes with ephemeral trapdoor (CHET) for data modification, and present a system steps and security analysis of CDEdit. Finally, the extensive comparisons and evaluations show that our scheme costs less time overhead than other schemes and is suitable for complex application scenarios, e.g. IoT data management.

Counterfeited products are a significant problem in both developed and developing countries and has become more critical as an aftermath of COVID-19, exclusively for drugs and medical equipment’s. In this paper, an innovative approach is proposed to resist counterfeiting which is based on the principles of Synthetic DNA. The proposed encryption approach has employed the distinctive features of synthetic DNA in amalgamation with DNA encryption to provide information security and functions as an anticounterfeiting method that ensures usability. The scheme’s security analysis and proof of concept are detailed. Scyther is used to carry out the formal analysis of the scheme, and all of the modeled assertions are verified without any attacks.

Wireless sensor networks are used in many areas such as war field surveillance, monitoring of patient, controlling traffic, environmental and building surveillance. Wireless technology, on the other hand, brings a load of new threats with it. Because WSNs communicate across radio frequencies, they are more susceptible to interference than wired networks. The authors of this research look at the goals of WSNs in terms of security as well as DDOS attacks. The majority of techniques are available for detecting DDOS attacks in WSNs. These alternatives, on the other hand, stop the assault after it has begun, resulting in data loss and wasting limited sensor node resources. The study finishes with a new method for detecting the UDP Reflection Amplification Attack in WSN, as well as instructions on how to use it and how to deal with the case.

Watermarking is one of the most common data hiding techniques for multimedia elements. Broadcasting, copy control, copyright protection and authentication are the most frequently used application areas of the watermarking. Secret data can be embedded into the cover image with changing the values of the pixels in spatial domain watermarking. In addition to this method, cover image can be converted into one of the transformation such as Discrete Wavelet Transformation (DWT), Discrete Cousin Transformation (DCT) and Discrete Fourier Transformation (DFT). Later on watermark can be embedded high frequencies of transformation coefficients. In this work, cover image transformed one, two and three level DWT decompositions. Binary watermark is hided into the low and high frequencies in each decomposition. Experimental results show that watermarked image is robust, secure and resist against several geometric attacks especially JPEG compression, Gaussian noise and histogram equalization. Peak Signal-to-Noise Ratio (PSNR) and Similarity Ratio (SR) values show very optimal results when we compare the other frequency and spatial domain algorithms.

In recent years, with the occurrence of climate change and various extreme events, the research on the resistance of physical information systems to large-scale complex faults is of great significance. Propose a power information system to deal with complex faults in extreme weather, establish an anti-interference framework, construct a regional anti-interference strategy based on regional load output matching and topological connectivity, and propose branch active power adjustment methods to reduce disasters. In order to resist the risk of system instability caused by overrun of branch power and phase disconnection, the improved IEEE33 node test system simulation shows that this strategy can effectively reduce the harm of large-scale and complex faults.

With the rapid development of Internet Technology in recent years, the demand for security support for complex applications is becoming stronger and stronger. Intel Software Guard Extensions (Intel SGX) is created as an extension of Intel Systems to enhance software security. Intel SGX allows application developers to create so-called enclave. Sensitive application code and data are encapsulated in Trusted Execution Environment (TEE) by enclave. TEE is completely isolated from other applications, operating systems, and administrative programs. Enclave is the core structure of Intel SGX Technology. Enclave supports multi-threading. Thread Control Structure (TCS) stores special information for restoring enclave threads when entering or exiting enclave. Each execution thread in enclave is associated with a TCS. This paper analyzes and verifies the possible security risks of enclave under concurrent conditions. It is found that in the case of multithread concurrency, a single enclave cannot resist flooding attacks, and related threads also throw TCS exception codes.

With the development of the Internet of Things (IoT), the demand for lightweight cipher came into being. At the same time, the security of lightweight cipher has attracted more and more attention. FESH algorithm is a lightweight cipher proposed in 2019. Relevant studies have proved that it has strong ability to resist differential attack and linear attack, but its research on resisting side-channel attack is still blank. In this paper, we first introduce a correlation power analysis for FESH algorithm and prove its effectiveness by experiments. Then we propose a mask scheme for FESH algorithm, and prove the security of the mask. According to the experimental results, protected FESH only costs 8.6%, 72.3%, 16.7% of extra time, code and RAM.

Operating systems are essential software components for any computer. The goal of computer system manu-facturers is to provide a safe operating system that can resist a range of assaults. APTs (Advanced Persistent Threats) are merely one kind of attack used by hackers to penetrate organisations (APT). Here, we will apply the MITRE ATT&CK approach to analyze the security of Windows and Linux. Using the results of a series of vulnerability tests conducted on Windows 7, 8, 10, and Windows Server 2012, as well as Linux 16.04, 18.04, and its most current version, we can establish which operating system offers the most protection against future assaults. In addition, we have shown adversarial reflection in response to threats. We used ATT &CK framework tools to launch attacks on both platforms.

Memory-based vulnerabilities are becoming more and more common in low-power and low-cost devices in IOT. We study several low-level vulnerabilities that lead to memory corruption in C and C++ programs, and how to use stack corruption and format string attack to exploit these vulnerabilities. Automatic methods for resisting memory attacks, such as stack canary and address space layout randomization ASLR, are studied. These methods do not need to change the source program. However, a return-oriented programming (ROP) technology can bypass them. Control flow integrity (CFI) can resist the destruction of ROP technology. In fact, the security design is holistic. Finally, we summarize the rules of security coding in embedded devices, and propose two novel methods of software anomaly detection process for IOT devices in the future.

Sample-then-lock construction is a reusable fuzzy extractor for low-entropy sources. When applied on iris recognition scenarios, many subsets of an iris-code are used to lock the cryptographic key. The security of this construction relies on the entropy of subsets of iris codes. Simhadri et al. reported a security level of 32 bits on iris sources. In this paper, we propose two kinds of attacks to crack existing sample-then-lock schemes. Exploiting the low-entropy subsets, our attacks can break the locked key and the enrollment iris-code respectively in less than 220 brute force attempts. To protect from these proposed attacks, we design an improved sample-then-lock scheme. More precisely, our scheme employs stability and discriminability to select high-entropy subsets to lock the genuine secret, and conceals genuine locker by a large amount of chaff lockers. Our experiment verifies that existing schemes are vulnerable to the proposed attacks with a security level of less than 20 bits, while our scheme can resist these attacks with a security level of more than 100 bits when number of genuine subsets is 106.

Integration of technology with power grid emerged Smart grid. The advancement of power grid into smart grid faces some security issues like message mod-ification attacks, message injection attacks etc. If these issues are correctly not addressed, then the performance of the smart grid is degraded. Smart grid has bidirectional communication among the smart grid entities. The flow of user energy consumption information between all smart grid entities may lead the user privacy violation. Smart grids have various components but service providers and smart meters are the main components. Smart meters have sensing and communication functionality, while service providers have control and communication functionality. There are many privacy preservation schemes proposed that ensure the cus-tomer's privacy in the smart grid. To preserve the customer's data privacy and communication, authentication and key agreement schemes are required between the smart meter and the service provider. This paper proposes an efficient key agreement protocol to handle several security challenges in smart grid. The proposed protocol is tested against the various security attributes necessary for a key establishment protocol and found safe. Further the performance of the proposed work is compared with several others existing work for smart grid application and it has been observed that the proposed protocol performs significantly better than the existing protocols available in the literature.

Cloud data integrity verification was an important means to ensure data security. We used public key infrastructure (PKI) to manage user keys in Traditional way, but there were problems of certificate verification and high cost of key management. In this paper, RSA signature was used to construct a new identity-based cloud audit protocol, which solved the previous problems caused by PKI and supported forward security, and reduced the loss caused by key exposure. Through security analysis, the design scheme could effectively resist forgery attack and support forward security.

With the rapid development of power Internet of Things (IoT), the ubiquitous edge agents are frequently exposed in a risky environment, where the white-box attacker could steal all the internal information by full observation of dynamic execution of the cryptographic software. In this situation, a new table-based white-box cryptography implementation of SM4 algorithm is proposed to prevent the attacker from extracting the secret key, which hides the encryption and decryption process in obfuscated lookup tables. Aiming to improve the diversity and ambiguity of the lookup tables as well as resist different types of white-box attacks, the random bijective nonlinear mappings are applied as scrambling encodings of the lookup tables. Moreover, in order to make our implementation more practical in the resource-constrained edge IoT agent, elaborate design is proposed to make some tables reusability, leading to less memory occupation while guaranteeing the security. The validity and security of the proposed implementation will be illustrated through several evaluation indicators.

Disinformation, fake news, and unverified rumors spread quickly in online social networks (OSNs) and manipulate people's opinions and decisions about life events. The solid mathematical solutions of the strategic decisions in OSNs have been provided under game theory models, including multiple roles and features. This work proposes a game-theoretic opinion framework to model subjective opinions and behavioral strategies of attackers, users, and a defender. The attackers use information deception models to disseminate disinformation. We investigate how different game-theoretic opinion models of updating people's subject opinions can influence a way for people to handle disinformation. We compare the opinion dynamics of the five different opinion models (i.e., uncertainty, homophily, assertion, herding, and encounter-based) where an opinion is formulated based on Subjective Logic that offers the capability to deal with uncertain opinions. Via our extensive experiments, we observe that the uncertainty-based opinion model shows the best performance in combating disinformation among all in that uncertainty-based decisions can significantly help users believe true information more than disinformation.

In the industrial control system, in order to solve the problem that the installation of smart devices in a transparent environment are faced with the unknown attack problems, because most of the industrial control equipment to detect unknown risks, Therefore, by studying the security protection of the current industrial control system and the trust mechanism that should be widely used in the Internet of things, this paper presents the abnormal node detection mode based on comprehensive trust applied to the industrial control system scenarios. This model firstly proposes a model, which fuses direct and indirect trust values into current trust values through support algorithm and vector similarity algorithm, and then combines them with historical trust values, and gives the calculation method of each trust value. Finally, a method to determine abnormal nodes based on comprehensive trust degree is given to realize a detection process for all industrial control nodes. By analyzing the real data case provided by Melbourne Water, it is concluded that this model can improve the detection range and detection accuracy of abnormal nodes. It can accurately judge and effectively resist malicious behavior and also have a good resistance to aggression.

The mechanism of Fog computing is a distributed infrastructure to provide the computations as same as cloud computing. The fog computing environment provides the storage and processing of data in a distributed manner based on the locality. Fog servicing is better than cloud service for working with smart devices and users in a same locale. However the fog computing will inherit the features of the cloud, it also suffers from many security issues as cloud. One such security issue is authentication with efficient key management between the communicating entities. In this paper, we propose a secured two-way authentication scheme with efficient management of keys between the user mobile device and smart devices under the control of the fog server. We made use of operations such as one-way hash (SHA-512) functions, bitwise XOR, and fuzzy extractor function to make the authentication system to be better. We have verified the proposed scheme for its security effectiveness by using a well-used analysis tool ProVerif. We also proved that it can resist multiple attacks and the security overhead is reduced in terms of computation and communication cost as compared to the existing methods.

Traditional passive defense methods cannot resist the constantly updated and evolving cyber attacks. The concept of resilience is introducing to measure the ability of the system to maintain its function under attack. It matters in evaluating the security of modern industrial systems. This paper presents a 3D Resilience State Space method to assess Communication-based train control (CBTC) system resilience under malware attack. We model the spread of malware as two functions: the communicability function \$f\$(x) and the susceptibility function 9 (x). We describe the characteristics of these two function in the CBTC complex network by using the percolation theory. Then we use a perturbation formalism to analyze the impact of malware attack on information flow and use it as an indicator of the cyber layer state. The CBTC cyber-physical system resilience metric formalizes as the system state transitions in three-dimensional state space. The three dimensions respectively represent the cyber layer state, the physical layer state, and the transmission layer state. The simulation results reveal that the proposed framework can effectively assess the resilience of the CBTC system. And the anti-malware programs can prevent the spread of malware and improve CBTC system resilience.

With the increasing application of micro-nano satellite network, it is extremely vulnerable to the influence of internal malicious nodes in the practical application process. However, currently micro-nano satellite network still lacks effective means of routing security protection. In order to solve this problem, combining with the characteristics of limited energy and computing capacity of micro-nano satellite nodes, this research proposes a secure routing algorithm based on trust value. First, the trust value of the computing node is synthesized, and then the routing path is generated by combining the trust value of the node with the AODV routing algorithm. Simulation results show that the proposed MNS-AODV routing algorithm can effectively resist the influence of internal malicious nodes on data transmission, and it can reduce the packet loss rate and average energy consumption.

Traditional DDoS attacks mainly send massive data packets through the attacking machine, consuming the network resources or server resources of the target server, making users unable to use server resources to achieve the purpose of denial of service. This type of attack is called a Flooding-based DDoS (FDDoS) attack. It has the characteristics of large traffic and suddenness. However, Low-rate DDoS (LDDoS) attack is a new type of DDoS attack. LDDoS utilize the TCP congestion control mechanism and sends periodic pulses to attack, which can seriously reduce the TCP flow throughput of the attacked link. It has the characteristics of small traffic and strong concealment. Each of these two DDoS attack methods has its own hard-to-handle characteristics, so that there is currently no particularly effective method to prevent such attacks. This paper uses time-frequency analysis to classify and filter DDoS traffic. The proposed filtering method is designed as a system in the actual environment. Experimental results show that the designed filtering algorithm can resist not only FDDoS attacks, but also LDDoS attacks.

With the increase of computing power of quantum computers, classical cryptography schemes such as RSA and ECC are no longer secure in the era of quantum computers. The Cryptosystem based on coding has the advantage of resisting quantum computing and has a good application prospect in the future. McEliece Public Key Cryptography is a cryptosystem based on coding theory, whose security can be reduced to the decoding problem of general linear codes and can resist quantum attacks. Therefore, this paper proposes a cryptosystem based on the Polar-LDPC Concatenated Codes, which is an improvement on the original McEliece cipher scheme. The main idea is to take the generation matrix of Polar code and LDPC code as the private key, and the product of their hidden generation matrix as the public key. The plain text is encoded by Polar code and LDPC code in turn to obtain the encrypted ciphertext. The decryption process is the corresponding decoding process. Then, the experimental data presented in this paper prove that the proposed scheme can reduce key size and improve security compared with the original McEliece cryptosystem under the condition of selecting appropriate parameters. Moreover, compared with the improvement schemes based on McEliece proposed in recent years, the proposed scheme also has great security advantages.

Fully homomorphic encryption (FHE) provides effective security assurance for privacy computing in cloud environments. But the existing FHE schemes are generally faced with challenges including using single-bit encryption and large ciphertext noise, which greatly affects the encryption efficiency and practicability. In this paper, a low-noise FHE scheme supporting multi-bit encryption is proposed based on the HAO scheme. The new scheme redesigns the encryption method without changing the system parameters and expands the plaintext space to support the encryption of integer matrices. In the process of noise reduction, we introduce a PNR method and use the subGaussian distribution theory to analyze the ciphertext noise. The security and the efficiency analysis show that the improved scheme can resist the chosen plaintext attack and effectively reduce the noise expansion rate. Comparative experiments show that the scheme has high encryption efficiency and is suitable for the privacy-preserving computation of integer matrices.