Biblio

In this paper, two of the main Blockchain development platforms, Ethereum and EOS.IO are compared. The objective is to help developers select the most appropriate platform as the back-end Blockchain for their apps. A decentralized application was implemented on each of the platforms triggering basic operations and timing them. The simulations were performed on Microsoft’s Azure cloud, running up to 150 Blockchain nodes while recording the user response time, the CPU utilization, and the totally used memory in Mbytes. The results in this study show that although recognized as a major competitor to Ethereum, EOS.IO fails to outperform the Ethereum platform in this experiment, recording a very high response time in comparison to Ethereum.

The blockchain technology evolution in recent times has a hopefulness regarding the impression of self-sovereign identity that has a significant effect on the method of interacting with each other with security over the network. The existing system is not complete and procedural. There arises a different idea of self-sovereign identity methodology. To develop to the possibility, it is necessary to guarantee a better understanding in a proper way. This paper has an in-depth analysis of the attributes of the self-sovereign identity and it affects over the laws of identity that are being explored. The Identity management system(IMS) with no centralized authority is proposed in maintaining the secrecy of records, where as traditional systems are replaced by blockchains and identities are generated cryptographically. This study enables sharing of user data on permissioned blockchain which uses identity-based encryption to maintain access control and data security.

Most of the existing identity systems are built on top of centralized storage systems. Storing identity data on these types of centralized storage platforms(e.g cloud storage, central servers) becomes a major privacy concern since various types of attacks and data breaches can happen. With this research, we are proposing blockchain and self-sovereign identity based digital identity (KYC - Know Your Customer) platform “Casper” to address the issues on centralized identity systems. “Casper ” is an Android/iOS based mobile identity wallet application that combines the integration of blockchain and a self-sovereign identity-based approach. Unlike centralized identity systems, the actual identities of the customer/users are stored in the customers’ mobile wallet application. The proof of these identities is stored in the blockchain-based decentralized storage as a self-sovereign identity proof. Casper platforms’ Self-Sovereign Identity(SSI)-based system provides a Zero Knowledge Proof(ZKP) mechanism to verify the identity information. Casper platform can be adopted in various domains such as healthcare, banking, government organization etc. As a use case, we have discussed building a digital identity wallet for banking customers with the Casper platform. Casper provides a secure, decentralized and ZKP verifiable identity by using blockchain and SSI based approach. It addresses the common issues in centralized/cloud-based identity systems platforms such as the lack of data immutability, lack of traceability, centralized control etc.

The promise of access to contextual expertise, advanced security tools and an increase in staff augmentation coupled with reduced computing costs has indisputably made cloud computing a computing platform of choice, so enticing that many organizations had to migrate some if not all their services to the cloud. Identity-management-as-a-service (IdMaaS), however, is still struggling to mature due to lack of trust. Lack of trust arises from losing control over the identity information (user credentials), identity management system as well as the underlying infrastructure, raising a fear of loss of confidentiality, integrity and availability of both the identities and the identity management system. This paper recognizes the need for a trust framework comprising of both the operational and technical Frameworks as a holistic approach towards enhancing trust in IdMaaS. To this end however, only the operational Framework will form the core of this paper. The success of IdMaaS will add to the suite of other matured identity management technologies, spoiling the would-be identity service consumers with a wide choice of identity management paradigms to pick from, at the same time opening entrepreneurial opportunities to cloud players.

Decentralized Identifiers (DIDs) and Self-Sovereign Identity (SSI) are emerging decentralized identity solutions. DIDs allow legal entities like organizations to create and fully control their identifiers while building the necessary infrastructure for SSI, enabling entities like persons, organizations, or machines to fully control and own their digital identities without the involvement of an intermediate central authority. DIDs are identifiers that are used to reference entities unambiguously and, together with DID Documents stored in a verifiable data registry, establish a new, decentralized public-key infrastructure. An SSI-based digital identity may be composed of many different claims certified by an issuer. Examples are the identity holder’s name, age, gender, university degree, driving license, or other attributes. What makes SSI unique compared to other identity management solutions is that the users keep their digital identities in storage of their choice and thus determine their distribution and processing.With this privacy-by-design approach, the emergence of DIDs and SSI can shape the architecture of the future Internet and its applications, which will impact the future of mobile networks. While 5G networks are currently being rolled out, a discussion about the new capabilities of 6G networks, which are still in the distant future, has long since begun. In addition to even faster access, shorter delays, and new applications, features such as human-centricity, data protection, and privacy are being addressed in particular in the discussions. These latter points make DIDs, SSI, and related concepts and architectures promising candidates for 6G adoption.The talk gives a brief introduction to DIDs and SSI and then discusses the benefits and drawbacks the integration of these technologies into 6G may have. Furthermore, the talk identifies different use cases and identifies the system components and functions of cellular networks affected by a 6G integration.

Federated Identity Management (FIM) is a model of identity management in which different trusted organizations can provide secure online services to their uses. Security Assertion Markup Language (SAML) is one of the widely-used technologies for FIM. However, a SAML-based FIM has two significant issues: the metadata (a crucial component in SAML) has security issues, and federation management is hard to scale. The concept of dynamic identity federation has been introduced, enabling previously unknown entities to join in a new federation facilitating inter-organization service provisioning to address federation management's scalability issue. However, the existing dynamic federation approaches have security issues concerning confidentiality, integrity, authenticity, and transparency. In this paper, we present the idea of facilitating dynamic identity federations utilizing blockchain technology to improve the existing approaches' security issues. We demonstrate its architecture based on a rigorous threat model and requirement analysis. We also discuss its implementation details, current protocol flows and analyze its performance to underline its applicability.

Identity resolution system is the primary technical research problem to set up the data collection capability of industrial internet, and the configuration resolution of complex assets is an application difficulty. To implement the particular requirements of complex equipment configuration management, an industry-oriented identity resolution architecture and the configuration resolution service were designed. In accordance with the technical information management of high-speed train, corresponding handle structures was proposed to describe the configuration structure and related components information of EMU (Electric Multiple Unit). A distributed processing algorithm for configuration resolution and the hit-ratio evaluation method of handle service sites was proposed. The performance, stability, and resolution consistency of the handle system in this paper are proved by experiments, which is also great significant to the intelligent identity applications in other industries.

With smart vehicles interconnected with multiple systems and other entities, whether they are people or IoT devices, the importance of a digital identity for them has emerged. We present in this paper how a Self-Sovereign Identities combined with blockchain can provide a solution to this end, in order to decentralize the identity management and provide them with capabilities to identify the other entities they interact with. Such entities can be the owners of the vehicles, other drivers and workshops that act as service providers. Two use cases are examined along with the interactions between the participants, to demonstrate how a decentralized identity management solution can take care of the necessary authentication and authorization processes. Finally, we test the system and provide the measurements to prove its feasibility in real-life deployments.

Existing digital identity management systems fail to deliver the desirable properties of control by the users of their own identity data, credibility of disclosed identity data, and network-level anonymity. The recently proposed Self-Sovereign Identity (SSI) approach promises to give users these properties. However, we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties. We show that the latency incurred by network-level anonymization in TCID is significantly larger than that of identity data disclosure protocols but is still low enough for practical situations. We conclude that current research on SSI is too narrowly focused on these data disclosure protocols.

Digital identity is the key to the evolving digital society and economy. Since the inception of digital identity, numerous Identity Management (IDM) systems have been developed to manage digital identity depending on the requirements of the individual and that of organisations. This evolution of IDM systems has provided an incremental process leading to the granting of control of identity ownership and personal data to its user, thus producing an IDM which is more user-centric with enhanced security and privacy. A recently promising IDM known as Self-Sovereign Identity (SSI) has the potential to provide this sovereignty to the identity owner. The Sovrin Network is an emerging SSI service utility enabling self-sovereign identity for all, therefore, its assessment has to be carefully considered with reference to its architecture, working, functionality, strengths and limitations. This paper presents an analysis of the Sovrin Network based on aforementioned features. Firstly, it presents the architecture and components of the Sovrin Network. Secondly, it illustrates the working of the Sovrin Network and performs a detailed analysis of its various functionalities and metrics. Finally, based on the detailed analysis, it presents the strengths and limitations of the Sovrin Network.

STAMP (System Theoretic Accident Model and Processes) is one of the theories that has been attracting attention as a new safety analysis method for complex systems. CAST (Causal Analysis using System Theory) is a causal analysis method based on STAMP theory. The authors investigated an information security incident case, “AIST (National Institute of Advanced Industrial Science and Technology) report on unauthorized access to information systems,” and attempted accident analysis using CAST. We investigated whether CAST could be applied to the cyber security analysis. Since CAST is a safety accident analysis technique, this study was the first to apply CAST to cyber security incidents. Its effectiveness was confirmed from the viewpoint of the following three research questions. Q1:Features of CAST as an accident analysis method Q2:Applicability and impact on security accident analysis Q3:Understanding cyber security incidents with a five-layer model.

The intelligent cyber-physical system (CPS) has been applied in various fields, covering multiple critical infras-tructures and human daily life support areas. CPS Security is a major concern and of critical importance, especially the security of the intelligent control component. Side-channel analysis (SCA) is the common threat exploiting the weaknesses in system operation to extract information of the intelligent CPS. However, existing literature lacks the systematic theo-retical analysis of the side-channel attacks on the intelligent CPS, without the ability to quantify and measure the leaked information. To address these issues, we propose the SCA-based model extraction attack on intelligent CPS. First, we design an efficient and novel SCA-based model extraction framework, including the threat model, hierarchical attack process, and the multiple micro-space parallel search enabled weight extraction algorithm. Secondly, an information theory-empowered analy-sis model for side-channel attacks on intelligent CPS is built. We propose a mutual information-based quantification method and derive the capacity of side-channel attacks on intelligent CPS, formulating the amount of information leakage through side channels. Thirdly, we develop the theoretical bounds of the leaked information over multiple attack queries based on the data processing inequality and properties of entropy. These convergence bounds provide theoretical means to estimate the amount of information leaked. Finally, experimental evaluation, including real-world experiments, demonstrates the effective-ness of the proposed SCA-based model extraction algorithm and the information theory-based analysis method in intelligent CPS.

Currently, statistical tests for random number generators (RNGs) are widely used in practice, and some of them are even included in information security standards. But despite the popularity of RNGs, consistent tests are known only for stationary ergodic deviations of randomness (a test is consistent if it detects any deviations from a given class when the sample size goes to infinity). However, the model of a stationary ergodic source is too narrow for some RNGs, in particular, for generators based on physical effects. In this article, we propose computable consistent tests for some classes of deviations more general than stationary ergodic and describe some general properties of statistical tests. The proposed approach and the resulting test are based on the ideas and methods of information theory.

The article describes an analytical model of the actions of an information security violator for the secret extraction of confidential information processed on the protected object in terms of the theory of Markov random processes. The characteristics of the existing models are given, as well as the requirements that are imposed on the model for simulating the process. All model states are described in detail, as well as the data flow that is used in the process simulation. The model is represented as a directed state graph. It also describes the option for evaluating the data obtained during modeling. In the modern world, with the developing methods and means of covert extraction of information, the problem of assessing the damage that can be caused by the theft of the organization's data is acute. This model can be used to build a model of information security threats.

To ensure comprehensive information protection, it is necessary to use various means of information protection, distributed by levels and segments of the information system. This creates a contradiction, which consists in the presence of many different means of information protection and the inability to ensure their joint coordinated application in ensuring the protection of information due to the lack of an automated control system. One of the tasks that contribute to the solution of this problem is the task of generating a feasible organizational structure and the structure of such an automated control system, the results of which would provide these options and choose the one that is optimal under given initial parameters and limitations. The problem is solved by reducing the General task with particular splitting the original graph of the automated cyber defense control system into subgraphs. As a result, the organizational composition and the automated cyber defense management system structures will provide a set of acceptable variants, on the basis of which the optimal choice is made under the given initial parameters and restrictions. As a result, admissible variants for the formation technique of organizational structure and structure by the automated control system of cyber defense is received.

Game theory is a branch of modern mathematics, which is a mathematical method to study how decision-makers should make decisions in order to strive for the maximum interests in the process of competition. In this paper, from the perspective of offensive and defensive confrontation, using game theory for reference, we build a dynamic evaluation model of information system security risk based on static game model. By using heisani transformation, the uncertainty of strategic risk of offensive and defensive sides is transformed into the uncertainty of each other's type. The security risk of pure defense strategy and mixed defense strategy is analyzed quantitatively, On this basis, an information security risk assessment algorithm based on static game model is designed.

In the industrial control system, in order to solve the problem that the installation of smart devices in a transparent environment are faced with the unknown attack problems, because most of the industrial control equipment to detect unknown risks, Therefore, by studying the security protection of the current industrial control system and the trust mechanism that should be widely used in the Internet of things, this paper presents the abnormal node detection mode based on comprehensive trust applied to the industrial control system scenarios. This model firstly proposes a model, which fuses direct and indirect trust values into current trust values through support algorithm and vector similarity algorithm, and then combines them with historical trust values, and gives the calculation method of each trust value. Finally, a method to determine abnormal nodes based on comprehensive trust degree is given to realize a detection process for all industrial control nodes. By analyzing the real data case provided by Melbourne Water, it is concluded that this model can improve the detection range and detection accuracy of abnormal nodes. It can accurately judge and effectively resist malicious behavior and also have a good resistance to aggression.

With an increasing number of adversarial attacks against Industrial Control Systems (ICS) networks, enhancing the security of such systems is invaluable. Although attack prevention strategies are often in place, protecting against all attacks, especially zero-day attacks, is becoming impossible. Intrusion Detection Systems (IDS) are needed to detect such attacks promptly. Machine learning-based detection systems, especially deep learning algorithms, have shown promising results and outperformed other approaches. In this paper, we study the efficacy of a deep learning approach, namely, Multi Layer Perceptron (MLP), in detecting abnormal behaviors in ICS network traffic. We focus on very common reconnaissance attacks in ICS networks. In such attacks, the adversary focuses on gathering information about the targeted network. To evaluate our approach, we compare MLP with isolation Forest (i Forest), a statistical machine learning approach. Our proposed deep learning approach achieves an accuracy of more than 99% while i Forest achieves only 75%. This helps to reinforce the promise of using deep learning techniques for anomaly detection.

Industrial Control System (ICS) transmits control and monitoring data between devices in an industrial environment that includes smart grids, water and gas distribution, or traffic control. Unlike traditional internet communication, ICS traffic is stable, periodical, and with regular communication patterns that can be described using statistical modeling. By observing selected features of ICS transmission, e.g., packet direction and inter-arrival times, we can create a statistical profile of the communication based on distribution of features learned from the normal ICS traffic. This paper demonstrates that using statistical modeling, we can detect various anomalies caused by irregular transmissions, device or link failures, and also cyber attacks like packet injection, scanning, or denial of service (DoS). The paper shows how a statistical model is automatically created from a training dataset. We present two types of statistical profiles: the master-oriented profile for one-to-many communication and the peer-to-peer profile that describes traffic between two ICS devices. The proposed approach is fast and easy to implement as a part of an intrusion detection system (IDS) or an anomaly detection (AD) module. The proof-of-concept is demonstrated on two industrial protocols: IEC 60870-5-104 (aka IEC 104) and IEC 61850 (Goose).

Industrial Control Systems (ICSs) are used in several domains such as Transportation, Manufacturing, Defense and Power Generation and Distribution. ICSs deal with complex physical systems in order to achieve an industrial purpose with operational safety. Security has not been taken into account by design in these systems that makes them vulnerable to cyberattacks.In this paper, we rely on existing public ICS datasets as well as on the existing literature of Machine Learning (ML) applications for anomaly detection in ICSs in order to improve detection scores. To perform this purpose, we propose a systematic framework, relying on established ML algorithms and suitable data preprocessing methods, which allows us to quickly get efficient, and surprisingly, better results than the literature. Finally, some recommendations for future public ICS dataset generations end this paper, which would be fruitful for improving future attack detection models and then protect new ICSs designed in the next future.

Industrial Control Systems (ICS) are complex systems made up of many components with different tasks. For a safe and secure operation, each device needs to carry out its tasks correctly. To monitor a system and ensure the correct behavior of systems, anomaly detection is used.Models of expected behavior often rely only on cyber or physical features for anomaly detection. We propose an anomaly detection system that combines both types of features to create a dynamic fingerprint of an ICS. We present how a cyber-physical anomaly detection using sound on the physical layer can be designed, and which challenges need to be overcome for a successful implementation. We perform an initial evaluation for identifying actions of a 3D printer.

Industrial Control System (ICS) communication transmits monitoring and control data between industrial processes and the control station. ICS systems cover various domains of critical infrastructure such as the power plants, water and gas distribution, or aerospace traffic control. Security of ICS systems is usually implemented on the perimeter of the network using ICS enabled firewalls or Intrusion Detection Systems (IDSs). These techniques are helpful against external attacks, however, they are not able to effectively detect internal threats originating from a compromised device with malicious software. In order to mitigate or eliminate internal threats against the ICS system, we need to monitor ICS traffic and detect suspicious data transmissions that differ from common operational communication. In our research, we obtain ICS monitoring data using standardized IPFIX flows extended with meta data extracted from ICS protocol headers. Unlike other anomaly detection approaches, we focus on modelling the semantics of ICS communication obtained from the IPFIX flows that describes typical conversational patterns. This paper presents a technique for modelling ICS conversations using frequency prefix trees and Deterministic Probabilistic Automata (DPA). As demonstrated on the attack scenarios, these models are efficient to detect common cyber attacks like the command injection, packet manipulation, network scanning, or lost connection. An important advantage of our approach is that the proposed technique can be easily integrated into common security information and event management (SIEM) systems with Netflow/IPFIX support. Our experiments are performed on IEC 60870-5-104 (aka IEC 104) control communication that is widely used for the substation control in smart grids.

System logs record valuable information about the runtime status of IT systems. Therefore, system logs are a naturally excellent source of information for anomaly detection. Most of the existing studies on log-based anomaly detection construct a detection model to identify anomalous logs. Generally, the model treats historical logs as natural language sequences and learns the normal patterns from normal log sequences, and detects deviations from normal patterns as anomalies. However, the majority of existing methods focus on sequential and quantitative information and ignore semantic information hidden in log sequence so that they are inefficient in anomaly detection. In this paper, we propose a novel framework for automatically detecting log anomalies by utilizing an attention-based Bi-LSTM model. To demonstrate the effectiveness of our proposed model, we evaluate the performance on a public production log dataset. Extensive experimental results show that the proposed approach outperforms all comparison methods for anomaly detection.

As Meltdown mitigation, Kernel Page Table I solation (KPTI) was merged into Linux kernel mainline, and the performance impact is significant on x86 processors. Most of the previous work focuses on how KPTI affects Linux kernel performance within the scope of virtual machines or physical machines on x86. However, whether host KPTI affects virtual machines has not been well studied. What's more, there is relatively little research on ARM CPUs. This paper presents an in-depth study of how KPTI on the host affects the virtualized server performance and compares ARMv8 and x86. We first run several application benchmarks to demonstrate the performance impact does exist. The reason is that with a para-virtual I/O scheme, guest offloads I/O requests to the host side, which may incur user/kernel transitions. For the network I/O, when using QEMU as the back-end device, we saw a 1.7% and 5.5% slowdown on ARMv8 and x86, respectively. vhost and vhost-user, originally proposed to optimize performance, inadvertently mitigate the performance impact introduced by host KPTI. For CPU and memory-intensive benchmarks, the performance impact is trivial. We also find that virtual machines on ARMv8 are less affected by KPTI. To diagnose the root cause, we port HyperBench to the ARM virtualization platform. The final results show that swapping the translation table pointer register on ARMv8 is about 3.5x faster than x86. Our findings have significant implications for tuning the x86 virtualization platform's performance and helping ARMv8 administrators enable KPTI with confidence.

Modern day grid operation requires multiple interlinked applications and many automated processes at control center for monitoring and operation of grid. Information technology integrated with operational technology plays a critical role in grid operation. Computing resource requirements of these software applications varies widely and includes high processing applications, high Input/Output (I/O) sensitive applications and applications with low resource requirements. Present day grid operation control center uses various applications for load despatch schedule management, various real-time analytics & optimization applications, post despatch analysis and reporting applications etc. These applications are integrated with Operational Technology (OT) like Data acquisition system / Energy management system (SCADA/EMS), Wide Area Measurement System (WAMS) etc. This paper discusses various design considerations and implementation of converged infrastructure through virtualization technology by consolidation of servers and storages using multi-cluster approach to meet high availability requirement of the applications and achieve desired objectives of grid control center of north eastern region in India. The process involves weighing benefits of different architecture solution, grouping of application hosts, making multiple clusters with reliability and security considerations, and designing suitable infrastructure to meet all end objectives. Reliability, enhanced resource utilization, economic factors, storage and physical node selection, integration issues with OT systems and optimization of cost are the prime design considerations. Modalities adopted to minimize downtime of critical systems for grid operation during migration from the existing infrastructure and integration with OT systems of North Eastern Regional Load Despatch Center are also elaborated in this paper.