Biblio

IoT connects a large number of physical objects with the Internet that capture and exchange real-time information for service provisioning. Traditional network management schemes face challenges to manage vast amounts of network traffic generated by IoT services. Software-defined networking (SDN) and information-centric networking (ICN) are two complementary technologies that could be integrated to solve the challenges of different aspects of IoT service provisioning. ICN offers a clean-slate design to accommodate continuously increasing network traffic by considering content as a network primitive. It provides a novel solution for information propagation and delivery for large-scale IoT services. On the other hand, SDN allocates overall network management responsibilities to a central controller, where network elements act merely as traffic forwarding components. An SDN-enabled network supports ICN without deploying ICN-capable hardware. Therefore, the integration of SDN and ICN provides benefits for large-scale IoT services. This article provides a comprehensive survey on software-defined information-centric Internet of Things (SDIC-IoT) for IoT service provisioning. We present critical enabling technologies of SDIC-IoT, discuss its architecture, and describe its benefits for IoT service provisioning. We elaborate on key IoT service provisioning requirements and discuss how SDIC-IoT supports different aspects of IoT services. We define different taxonomies of SDIC-IoT literature based on various performance parameters. Furthermore, we extensively discuss different use cases, synergies, and advances to realize the SDIC-IoT concept. Finally, we present current challenges and future research directions of IoT service provisioning using SDIC-IoT.

In case of deploying additional network security equipment in a new location, network service providers face difficulties such as precise management of large number of network security equipment and expensive network operation costs. Accordingly, there is a need for a method for security-aware network service provisioning using the existing network security equipment. In order to solve this problem, there is an existing reinforcement learning-based routing decision method fixed for each node. This method performs repeatedly until a routing decision satisfying end-to-end security constraints is achieved. This generates a disadvantage of longer network service provisioning time. In this paper, we propose security constraints reinforcement learning based routing (SCRR) algorithm that generates routing decisions, which satisfies end-to-end security constraints by giving conditional reward values according to the agent state-action pairs when performing reinforcement learning.

Supply chain security threats pose new challenges to security risk modeling techniques for complex ICT systems such as the IoT. With established techniques drawn from attack trees and reliability analysis providing needed points of reference, graph-based analysis can provide a framework for considering the role of suppliers in such systems. We present such a framework here while highlighting the need for a component-centered model. Given resource limitations when applying this model to existing systems, we study various classes of uncertainties in model development, including structural uncertainties and uncertainties in the magnitude of estimated event probabilities. Using case studies, we find that structural uncertainties constitute a greater challenge to model utility and as such should receive particular attention. Best practices in the face of these uncertainties are proposed.

System recommendation is currently on the rise: more and more e-commerce rely on this feature to give more privilege to their users. However, system recommendation still faces a lot of problems that can lead to its downfall. For instance, the cold start problem and lack of privacy for user’s data in system recommendation will make the quality of this system lesser than ever. Moreover, e-commerce also faces another significant issue which is the lack of social presence. Compared to offline shopping, online shopping in e-commerce may be seen as lacking human presence and sociability as it is more impersonal, cold, automated, and generally devoid of face-to-face interactions. Hence, all of those issues mentioned above may lead to the regression of user’s trust toward e-commerce itself. This study will focus on solving those problems using conversational design interaction in the form of a Virtual Agent. This Virtual Agent can help e-commerce gather user preferences and give clear and direct information regarding the use of user’s data as well as help the user find products, promo, or similar products that they seek in e-commerce. The final result of this solution is a high fidelity prototype designed using User-Centered Design Methodology and Natural Conversational Framework. The implementation of this solution is carried out in Shopee e-commerce by modifying their product recommendation system. This prototype was measured using the usability testing method for usability goals efficient to use and user experience goals helpful.

Generative Adversarial Networks (GANs) are machine learning methods that are used in many important and novel applications. For example, in imaging science, GANs are effectively utilized in generating image datasets, photographs of human faces, image and video captioning, image-to-image translation, text-to-image translation, video prediction, and 3D object generation to name a few. In this paper, we discuss how GANs can be used to create an artificial world. More specifically, we discuss how GANs help to describe an image utilizing image/video captioning methods and how to translate the image to a new image using image-to-image translation frameworks in a theme we desire. We articulate how GANs impact creating a customized world.

Cyber resilience has become a strategic point of information security in recent years. In the face of complex attack means and severe internal and external threats, it is difficult to achieve 100% protection against information systems. It is necessary to enhance the continuous service of information systems based on network resiliency and take appropriate compensation measures in case of protection failure, to ensure that the mission can still be achieved under attack. This paper combs the definition, cycle, and state of cyber resilience, and interprets the cyber resiliency engineering framework, to better understand cyber resilience. In addition, we also discuss the evolution of security architecture and analyze the impact of cyber resiliency on security architecture. Finally, the strategies and schemes of enhancing cyber resilience represented by zero trust and endogenous security are discussed.

Cyber-physical systems (CPS) and IoT systems are nowadays commonly designed as self-adaptive, endowing them with the ability to dynamically reconFigure to reflect their changing environment. This adaptation concerns also the security, as one of the most important properties of these systems. Though the state of the art on adaptivity in terms of security related to these systems can often deal well with fully anticipated situations in the environment, it becomes a challenge to deal with situations that are not or only partially anticipated. This uncertainty is however omnipresent in these systems due to humans in the loop, open-endedness and only partial understanding of the processes happening in the environment. In this paper, we partially address this challenge by featuring an approach for tackling access control in face of partially unanticipated situations. We base our solution on special kind of aspects that build on existing access control system and create a second level of adaptation that addresses the partially unanticipated situations by modifying access control rules. The approach is based on our previous work where we have analyzed and classified uncertainty in security and trust in such systems and have outlined the idea of access-control related situational patterns. The aspects that we present in this paper serve as means for application-specific specialization of the situational patterns. We showcase our approach on a simplified but real-life example in the domain of Industry 4.0 that comes from one of our industrial projects.

In recent years, the advent of deep learning-based techniques and the significant reduction in the cost of computation resulted in the feasibility of creating realistic videos of human faces, commonly known as DeepFakes. The availability of open-source tools to create DeepFakes poses as a threat to the trustworthiness of the online media. In this work, we develop an open-source online platform, known as DeepFake-o-meter, that integrates state-of-the-art DeepFake detection methods and provide a convenient interface for the users. We describe the design and function of DeepFake-o-meter in this work.

The ever-growing advances in science and technology have led to a rapid increase in the complexity of most engineered systems. Cyber-physical Systems (CPSs) are the result of this technology advancement that involves new paradigms, architectures and functionalities derived from different engineering domains. Due to the nature of CPSs, which are composed of many heterogeneous components that constantly interact one another and with the environment, it is difficult to study, explain hypothesis and evaluate design alternatives without using Modeling and Simulation (M&S) approaches. M&S is increasingly used in the CPS domain with different objectives; however, its adoption is not easy and straightforward but can lead to pitfalls that need to be recognized and addressed. This paper identifies some important pitfalls deriving from the application of M&S approaches to the CPS study and presents remedies, which are already available in the literature, to prevent and face them.

Recent developments in deepfake technology are increasing new security threats. To solve these issues, various detection methods have been proposed including the methods utilizing biological signals captured by R-PPG. However, existing methods have limitations in terms of detection accuracy and generalized performance. In this paper, we present our approach for R-PPG-based BPM (Beats Per Minute) analysis for effective deepfake detection. With the selected deepfake datasets, we performed (a) comparison and analysis of conditions for BPM processing, and (b) BPM extraction by dividing the face into 16 regions and comparison of BPM in each region. The results showed that our proposed BPM-related properties are effective in deepfake detection.

This Wiping Tool is an anti-forensic tool that is built to wipe data permanently from laptop's storage. This tool is capable to ensure the data from being recovered with any recovery tools. The objective of building this wiping tool is to maintain the confidentiality and integrity of the data from unauthorized access. People tend to delete the file in normal way, however, the file face the risk of being recovered. Hence, the integrity and confidentiality of the deleted file cannot be protected. Through wiping tools, the files are overwritten with random strings to make the files no longer readable. Thus, the integrity and the confidentiality of the file can be protected. Regarding wiping tools, nowadays, lots of wiping tools face issue such as data breach because the wiping tools are unable to delete the data permanently from the devices. This situation might affect their main function and a threat to their users. Hence, a new wiping tool is developed to overcome the problem. A new wiping tool named Data Wiping tool is applying two wiping techniques. The first technique is Randomized Data while the next one is enhancing wiping technique, known as ByteEditor. ByteEditor is a combination of two different techniques, byte editing and byte deletion. With the implementation of Object-Oriented methodology, this wiping tool is built. This methodology consists of analyzing, designing, implementation and testing. The tool is analyzed and compared with other wiping tools before the designing of the tool start. Once the designing is done, implementation phase take place. The code of the tool is created using Visual Studio 2010 with C\# language and being tested their functionality to ensure the developed tool meet the objectives of the project. This tool is believed able to contribute to the development of wiping tools and able to solve problems related to other wiping tools.

Thousands of people have lost their life by COVID-19 infection. Authorities have seen the calamities caused by the corona virus in China. So, when the trace of virus was found in India, the only possible way to stop the spread of the virus was to go into lockdown. In a country like India where a major part of the population depends on the daily wages, being in lockdown started affecting their life. People where tend to go out for getting the food items and other essentials, and this caused the spread of virus. Many were infected and many lost their life by this. Due to the pandemic, the whole world was affected and many people working in foreign countries lost their jobs as well. These people who came back to India caused further spread of the virus. The main reason for the spread is lack of hygiene and a proper system to monitor the symptoms. Even though our country was in lockdown for almost 6 months the number of COVID cases doesn't get diminished. It is not practical to extend the lockdown any further, and people have decided to live with the virus. But it is essential to take the necessary precautions while interacting with the society. Automated system for checking that all the COVID protocols are followed and early symptom identification before entering to a place are essential to stop the spread of the infection. This research work proposes a smart door system, which evaluates the COVID-19 risk factors and collects the data of person before entering into any place, thereby ensuring that non-infected people are only entering to the place and thus the spread of virus can be avoided.

An Information security audit is a process of obtaining objective audit evidence and evaluating it objectively for compliance with audit criteria. Given resource constraints, it's advisable to focus on obtaining evidence that has a significant impact on its effectiveness when developing an audit program to organize the audit. The person managing the audit program faces an urgent task developing an audit program, taking into account the information content of extracted evidence and resource constraints. In practice, evidence cannot be evaluated correctly directly in numerical scales, so they are forced to use less informative scales. The purpose of scientific research is to develop a methodology for assessing the materiality of audit evidence using expert assessments, their statistical processing, and transition to quantitative scales. As a result, the person managing the audit program gets a tool for developing an effective audit program.

In this paper, we propose a new provably secure cryptosystem for two party communication that provides security in the face of new technological breakthroughs. Most of the practical cryptosystems in use today can be breached in the future with new sophisticated methods. This jeopardizes the security of older but highly confidential messages. Our protocol is based on the bounded storage model first introduced in [1]. The protocol is secure as long as there is bound on the storage, however large it may be. We also suggest methods to extend the protocol to unbounded storage models where access to adversary is limited. Our protocol is a substantial improvement over previously known protocols and uses short key and optimal number of public random bits size of which is independent of message length. The smaller and constant length of key and public random string makes the scheme more practical. The protocol generates key using elements of the additive group \$\textbackslashtextbackslashmathbbZ\_\textbackslashtextbackslashmathrmn\$. Our protocol is very generalized and the protocol in [1] is a special case of our protocol. Our protocol is a step forward in making provably secure cryptosystems practical. An important open problem raised in [2] was designing an algorithm with short key and size of public random string \$O(\textbackslashtextbackslashmathcalB)\$ where \$\textbackslashtextbackslashmathcalB\$ bounds the storage of adversary. Our protocol satisfies the conditions and is easy to implement.

With the increasing deployment of enterprise-scale distributed systems, effective and practical defenses for such systems against various security vulnerabilities such as sensitive data leaks are urgently needed. However, most existing solutions are limited to centralized programs. For real-world distributed systems which are of large scales, current solutions commonly face one or more of scalability, applicability, and portability challenges. To overcome these challenges, we develop a novel dynamic taint analysis for enterprise-scale distributed systems. To achieve scalability, we use a multi-phase analysis strategy to reduce the overall cost. We infer implicit dependencies via partial-ordering method events in distributed programs to address the applicability challenge. To achieve greater portability, the analysis is designed to work at an application level without customizing platforms. Empirical results have shown promising scalability and capabilities of our approach.

Over recent years, we have seen a significant rise in popularity of autonomous vehicle. Several researches have shown the severity of security threats that autonomous vehicles face -for example, Miller and Valasek (2015) were able to remotely take complete control over a 2014 Jeep Cherokee in a so called "Jeephack" [1]. This paper analyses the threats that the Electrical and Electronic (E/E) architecture of an autonomous vehicle has to face and rank those threats by severity. To achieve this, the Microsoft's STRIDE threat analysis technique was applied and 13 threats were identified. These are sorted by their Common Vulnerability Scoring System (CVSS) scores. Potential mitigation methods are then suggested for the five topmost severe threats.

In modern internet-scale computing, interaction between a large number of parties that are not known a-priori is predominant, with each party functioning both as a provider and consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible both due to the high number of grantees and the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security, which considers status, behavior and associated risk aspects in the trust computation process, while additionally it captures user-to-user trust relationships which are propagated to the device level, through user-to-device ownership links.

Mobile apps exploit embedded sensors and wireless connectivity of a device to empower users with portable computations, context-aware communication, and enhanced interaction. Specifically, mobile health apps (mHealth apps for short) are becoming integral part of mobile and pervasive computing to improve the availability and quality of healthcare services. Despite the offered benefits, mHealth apps face a critical challenge, i.e., security of health-critical data that is produced and consumed by the app. Several studies have revealed that security specific issues of mHealth apps have not been adequately addressed. The objectives of this study are to empirically (a) investigate the challenges that hinder development of secure mHealth apps, (b) identify practices to develop secure apps, and (c) explore motivating factors that influence secure development. We conducted this study by collecting responses of 97 developers from 25 countries - across 06 continents - working in diverse teams and roles to develop mHealth apps for Android, iOS, and Windows platform. Qualitative analysis of the survey data is based on (i) 8 critical challenges, (ii) taxonomy of best practices to ensure security, and (iii) 6 motivating factors that impact secure mHealth apps. This research provides empirical evidence as practitioners' view and guidelines to develop emerging and next generation of secure mHealth apps.

Facial biometrics have the advantages of high reliability, strong distinguishability and easily acquired for authentication. Therefore, it is becoming wildly used in identity authentication filed. However, there are stability, security and privacy issues in generating face key, which brings great challenges to face biometric authentication. In this paper, we propose a biometric key generation scheme based on face image. On the one hand, a deep neural network model for feature extraction is used to improve the stability of identity authentication. On the other hand, a key generation mechanism is designed to generate random biometric key while hiding original facial biometrics to enhance security and privacy of user authentication. The results show the FAR reach to 0.53% and the FRR reach to 0.57% in LFW face database, which achieves the better performance of biometric identification, and the proposed method is able to realize randomness of the generated biometric keys by NIST statistical test suite.

Journalists have long been the targets of both physical and cyber-attacks from well-resourced adversaries. Internet of Things (IoT) devices are arguably a new avenue of threat towards journalists through both targeted and generalised cyber-physical exploitation. This study comprises three parts: First, we interviewed 11 journalists and surveyed 5 further journalists, to determine the extent to which journalists perceive threats through the IoT, particularly via consumer IoT devices. Second, we surveyed 34 cyber security experts to establish if and how lay-people can combat IoT threats. Third, we compared these findings to assess journalists' knowledge of threats, and whether their protective mechanisms would be effective against experts' depictions and predictions of IoT threats. Our results indicate that journalists generally are unaware of IoT-related risks and are not adequately protecting themselves; this considers cases where they possess IoT devices, or where they enter IoT-enabled environments (e.g., at work or home). Expert recommendations spanned both immediate and longterm mitigation methods, including practical actions that are technical and socio-political in nature. However, all proposed individual mitigation methods are likely to be short-term solutions, with 26 of 34 (76.5%) of cyber security experts responding that within the next five years it will not be possible for the public to opt-out of interaction with the IoT.

The main method for long-distance underwater communication is underwater acoustic communication(UAC). The bandwidth of UAC channel is narrow and the frequency band resources are scarce. Therefore, it is important to improve the frequency band utilization of UAC system. Cognitive underwater acoustic (CUA) technology is an important method. CUA network can share spectrum resources with the primary network. Spectrum sensing (SS) technology is the premise of realizing CUA. Therefore, improving the accuracy of spectral sensing is the main purpose of this paper. However, the realization of underwater SS technology still faces many difficulties. First, underwater energy supplies are scarce, making it difficult to apply complex algorithms. Second, and more seriously, CUA network can sometimes be attacked and exploited by hostile forces, which will not only lead to data leakage, but also greatly affect the accuracy of SS. In order to improve the utilization of underwater spectrum and avoid attack, an underwater spectrum sensing model based on the two-threshold energy detection method and K of M fusion decision method is established. Then, the trust mechanism based on beta function and XOR operation are proposed to combat individual attack and multi-user joint attack (MUJA) respectively. Finally, simulation result shows the effectiveness of these methods.

As a current disruptive and transformative technology, artificial intelligence is constantly infiltrating all aspects of production and life. However, with the in-depth development and application of artificial intelligence, the security challenges it faces have become more and more prominent. In the real world, attacks against intelligent systems such as the Internet of Things, smart homes, and driverless cars are constantly appearing, and incidents of artificial intelligence being used in cyber-attacks and cybercrimes frequently occur. This article aims to discuss artificial intelligence security issues and propose some countermeasures.

Information-Centric Networking (ICN) is attracting attention as a content distribution method against increasing network traffic. Content distribution in ICN adopts a pull-type communication method that returns data to Interest. However, in this case, the push-type communication method is advantageous. Therefore, the authors have proposed a method in which a server pushes content to reduce the node load in an environment where a large amount of Interest to specific content occurs in a short time. In this paper, we analyze the packet processing delay time with and without the proposed method in an environment where a router processes a large number of packets using a simulator. Simulation results show that the proposed method can reduce packet processing delay time and node load.

Over the last few years, there has been an increasing number of studies about facial emotion recognition because of the importance and the impact that it has in the interaction of humans with computers. With the growing number of challenging datasets, the application of deep learning techniques have all become necessary. In this paper, we study the challenges of Emotion Recognition Datasets and we also try different parameters and architectures of the Conventional Neural Networks (CNNs) in order to detect the seven emotions in human faces, such as: anger, fear, disgust, contempt, happiness, sadness and surprise. We have chosen iCV MEFED (Multi-Emotion Facial Expression Dataset) as the main dataset for our study, which is relatively new, interesting and very challenging.

Human emotion recognition plays a vital role in interpersonal communication and human-machine interaction domain. Emotions are expressed through speech, hand gestures and by the movements of other body parts and through facial expression. Facial emotions are one of the most important factors in human communication that help us to understand, what the other person is trying to communicate. People understand only one-third of the message verbally, and two-third of it is through non-verbal means. There are many face emotion recognition (FER) systems present right now, but in real-life scenarios, they do not perform efficiently. Though there are many which claim to be a near-perfect system and to achieve the results in favourable and optimal conditions. The wide variety of expressions shown by people and the diversity in facial features of different people will not aid in the process of coming up with a system that is definite in nature. Hence developing a reliable system without any flaws showed by the existing systems is a challenging task. This paper aims to build an enhanced system that can analyse the exact facial expression of a user at that particular time and generate the corresponding emotion. Datasets like JAFFE and FER2013 were used for performance analysis. Pre-processing methods like facial landmark and HOG were incorporated into a convolutional neural network (CNN), and this has achieved good accuracy when compared with the already existing models.