Biblio

Recent technological advancement demands organizations to have measures in place to manage their Information Technology (IT) systems. Enterprise Architecture Frameworks (EAF) offer companies an efficient technique to manage their IT systems aligning their business requirements with effective solutions. As a result, experts have developed multiple EAF's such as TOGAF, Zachman, MoDAF, DoDAF, SABSA to help organizations to achieve their objectives by reducing the costs and complexity. These frameworks however, concentrate mostly on business needs lacking holistic enterprise-wide security practices, which may cause enterprises to be exposed for significant security risks resulting financial loss. This study focuses on evaluating business capabilities in TOGAF, NIST, COBIT, MoDAF, DoDAF, SABSA, and Zachman, and identify essential security requirements in TOGAF, SABSA and COBIT19 frameworks by comparing their resiliency processes, which helps organization to easily select applicable framework. The study shows that; besides business requirements, EAF need to include precise cybersecurity guidelines aligning EA business strategies. Enterprises now need to focus more on building resilient approach, which is beyond of protection, detection and prevention. Now enterprises should be ready to withstand against the cyber-attacks applying relevant cyber resiliency approach improving the way of dealing with impacts of cybersecurity risks.

Research on post-quantum cryptography (PQC) to improve the security against quantum computers has been actively conducted. In 2020, NIST announced the final PQC candidates whose design rationales rely on NP-hard or NP-complete problems. It is believed that cryptography based on NP-hard problem might be secure against attacks using quantum computers. N. Koblitz introduced the concept of public-key cryptography using a 3-regular graph with a perfect dominating set in the 1990s. The proposed cryptosystem is based on NP-complete problem to find a perfect dominating set in the given graph. Later, S. Yoon proposed a variant scheme using a perfect minus dominating function. However, their works have not received much attention since these schemes produce huge ciphertexts and are hard to implement efficiently. Also, the security parameters such as key size and plaintext-ciphertext size have not been proposed yet. We conduct security and performance analysis of their schemes and discuss the practical range of security parameters. As an application, the scheme with one-wayness property can be used as an encoding method in the white-box cryptography (WBC).

Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.

Containers technology radically changed the ways for packaging applications and deploying them as services in cloud environments. According to the recent report on security predictions of 2020 by Trend Micro, the vulnerabilities in container components deployed with cloud architecture have been one of the top security concerns for development and operations teams in enterprises. Docker is one of the leading container technologies that automate the deployment of applications into containers. Docker Hub is a public repository by Docker for storing and sharing the Docker images. These Docker images are pulled from the Docker Hub repository and the security of images being used from the repositories in any cloud environment could be at risk. Vulnerabilities in Docker images could have a detrimental effect on enterprise applications. In this paper, the focus is on securing the Docker images using vulnerability centric approach (VCA) to detect the vulnerabilities. A set of use cases compliant with the NIST SP 800-190 Application Container Security Guide is developed for audit compliance of Docker container images with the OWASP Container Security Verification Standards (CSVS). In this paper, firs vulnerabilities of Docker container images are identified and assessed using the VCA. Then, a set of use cases to identify presence of the vulnerabilities is developed to facilitate the security audit of the container images. Finally, it is illustrated how the proposed use cases can be mapped with the requirements of the OWASP Container Security Verification Standards. The use cases can serve as a security auditing tool during the development, deployment, and maintenance of cloud microservices applications.

In this paper, an effective Advanced Persistent Threat (APT) attack response system was proposed. Reference to the NIST Cyber Security Framework (CRF) was made to present the most cost-effective measures. It has developed a system that detects and responds to real-time AM-HIDS (Anti Malware Host Intrusion Detection System) that monitors abnormal change SW of PCs as a prevention of APT. It has proved that the best government-run security measures are possible to provide an excellent cost-effectiveness environment to prevent APT attacks.

True Random number Generator (TRNG) is critical for secure communications. In this work, we explain in details regarding our recent solution on TRNG using random telegraph noise (RTN) including the benefits and the disadvantages. Security check is performed using the NIST randomness tests for both the RTN-based TRNG and various conventional pseudo random umber generator. The newly-proposed design shows excellent randomness, power consumption, low design complexity, small area and high speed, making it a suitable candidate for future cryptographically secured applications within the internet of things.

Lightweight cryptography is a new branch of cryptography focused on providing security to resource-constraint devices such as wireless sensor networks (WSN), Radio-Frequency Identification (RFIDs) and other embedded systems. The factors considered in lightweight cryptography are mainly circuit area, memory requirement, processing time, latency, power, and energy consumption. This paper presents a discussion on common lightweight block ciphers in terms of different performance parameters, strength, design trends, limitations, and applications including the National Institute of Science and Technology (NIST) round 1 and 2 candidates. Analysis of these lightweight algorithms has offered an insight into this newly emerging field of cryptography.

In this work, we propose and demonstrate a multi-layer 3-dimensional (3D) vertical RRAM (VRRAM) PUF with in-cell stabilization scheme to improve both cost efficiency and reliability. An 8-layer VRRAM array was manufactured with excellent uniformity and good endurance of \textbackslashtextgreater107. Apart from the variation in RRAM resistance, enhanced randomness is obtained thanks to the parasitic IR drop and abundant sneak current paths in 3D VRRAM. To deal with the common issue of unstable bits in PUF output, in-cell stabilization is proposed by first employing asymmetric biasing to detect the unstable bits and then exploiting reprogramming to expand the deviation to stabilize the output. The bit error rate is reduced by \textbackslashtextgreater7X (68X) for 3(5) times reprogramming. The proposed PUF features excellent resistance against machine learning attack and passes both National Institute of Standards and Technology (NIST) 800-22 and NIST 800-90B test suites.

Random numbers have a wide usage in the area of cryptography. In practice, pseudo random number generators are used in place of true random number generators, as regeneration of them may be required. Therefore because of generation methods of pseudo random number sequences, statistical randomness tests have a vital importance. In this paper, a randomness test suite is specified for long binary sequences. In literature, there are many randomness tests and test suites. However, in most of them, to apply randomness test, long sequences are partitioned into a certain fixed length and the collection of short sequences obtained is evaluated instead. In this paper, instead of partitioning a long sequence into fixed length subsequences, a concept of dynamic partitioning is introduced in accordance with the random variable in consideration. Then statistical methods are applied. The suggested suite, containing four statistical tests: Collision Tests, Weight Test, Linear Complexity Test and Index Coincidence Test, all of them work with the idea of dynamic partitioning. Besides the adaptation of this approach to randomness tests, the index coincidence test is another contribution of this work. The distribution function and the application of all tests are given in the paper.

Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize - an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the usergenerated passwords are secure. Moreover, we convert the usergenerated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability.

Ransomware have observed a steady growth over the years with several concerning trends that indicate efficient, targeted attacks against organizations and individuals alike. These opportunistic attackers indiscriminately target both public and private sector entities to maximize gain. In this article, we highlight the criticality of key management in ransomware's cryptosystem in order to facilitate building effective solutions against this threat. We introduce the ransomware kill chain to elucidate the path our adversaries must take to attain their malicious objective. We examine current solutions presented against ransomware in light of this kill chain and specify which constraints on ransomware are being violated by the existing solutions. Finally, we present the notion of memory attacks against ransomware's key management and present our initial experiments with dynamically extracting decryption keys from real-world ransomware. Results of our preliminary research are promising and the extracted keys were successfully deployed in subsequent data decryption.

An ideal lattice is defined over a ring learning with errors (Ring-LWE) problem. Polynomial multiplication over the ring is the most computational and time-consuming block in lattice-based cryptography. This paper presents the first hardware design of the polynomial multiplication for LAC, one of the Round-2 candidates of the NIST PQC Standardization Process, which has byte-level modulus p=251. The proposed architecture supports polynomial multiplications for different degree n (n=512/1024/2048). For designing the scheme, we used the Vivado HLS compiler, a high-level synthesis based hardware design methodology, which is able to optimize software algorithms into actual hardware products. The design of the scheme takes 274/280/291 FFs and 204/217/208 LUTs on the Xilinx Artix-7 family FPGA, requested by NIST PQC competition for hardware implementation. Multiplication core uses only 1/1/2 pieces of 18Kb BRAMs, 1/1/1 DSPs, and 90/94/95 slices on the board. Our timing result achieved in an alternative degree n with 5.052/4.3985/5.133ns.

With the emergence of advanced technology, the user authentication methods have also been improved. Authenticating the user, several secure and efficient approaches have been introduced, but the biometric authentication method is considered much safer as compared to password-driven methods. In this paper, we explore the risks, concerns, and methods by installing well-known open-source software used in Unibiometric analysis by the partners of The National Institute of Standards and Technology (NIST). Not only are the algorithms used all open source but it comes with test data and several internal open source utilities necessary to process biometric data.

Pseudorandom bit generators (PRBG) can be designed to take the advantage of some hard number theoretic problems such as the discrete logarithm problem (DLP). Such type of generators will have good randomness and unpredictability properties as it is so difficult to find an easy solution to the regarding mathematical dilemma. Hash functions in turn play a remarkable role in many cryptographic tasks to achieve various security strengths. In this paper, a pseudorandom bit generator mechanism that is based mainly on the elliptic curve discrete logarithm problem (ECDLP) and hash derivation function is proposed. The cryptographic hash functions are used in consuming applications that require various security strengths. In a good hash function, finding whatever the input that can be mapped to any pre-specified output is considered computationally infeasible. The obtained pseudorandom bits are tested with NIST statistical tests and it also could fulfill the up-to-date standards. Moreover, a 256 × 256 grayscale images are encrypted with the obtained pseudorandom bits following by necessary analysis of the cipher images for security prove.

The need for faster and practical cryptography is a research topic for decades. In case of elliptic curve cryptography, which was proposed by Koblitz and Miller in 1985 as a more efficient alternative to RSA, the applications in real life started after 2000s. Today, most of the popular applications and protocols like Whatsapp, Signal, iOS, Android, TLS, SSH, Bitcoin etc. make use of Elliptic curve cryptography. One of the important factor for high performance elliptic curve cryptography is the finite field multiplication. In this paper, we first describe how to choose proper prime fields that makes use of Topelitz-matrices to get faster field multiplication, then we give parameter choice details to select prime fields that supports Toeplitz-matrix vector product operations. Then, we introduce the safe curve selection rationale and discuss about security. We propose new curves, discuss implementation and benchmark results and conclude our work.

Cryptography algorithms play a critical role in information technology against various attacks witnessed in the digital era. Many studies and algorithms are done to achieve security issues for information systems. The high complexity of computational operations characterises the traditional cryptography algorithms. On the other hand, lightweight algorithms are the way to solve most of the security issues that encounter applying traditional cryptography in constrained devices. However, a symmetric cipher is widely applied for ensuring the security of data communication in constraint devices. In this study, we proposed a hybrid algorithm based on two cryptography algorithms PRESENT and Salsa20. Also, a 2D logistic map of a chaotic system is applied to generate pseudo-random keys that produce more complexity for the proposed cipher algorithm. The goal of the proposed algorithm is to present a hybrid algorithm by enhancing the complexity of the current PRESENT algorithm while keeping the performance of computational operations as minimal. The proposed algorithm proved working efficiently with fast executed time, and the analysed result of the generated sequence keys passed the randomness of the NIST suite.

Emerging networking technologies, such as cloud and Software Defined Networking, provide flexibility, elasticity and functionalities to change the network configurations over time. However, changes also impose unpredictable security postures at different times, creating difficulties to the security assessment of the network. To address this issue, we propose a stateless security risk assessment, which combines the security posture of network states at different times to provide an overall security overview. This paper describes the methodologies of the stateless security risk assessment. Our approach is applicable to any emerging networking technologies with dynamic changes.

Cryptography algorithms play a critical role in information technology against various attacks witnessed in the digital era. Many studies and algorithms are done to achieve security issues for information systems. The high complexity of computational operations characterises the traditional cryptography algorithms. On the other hand, lightweight algorithms are the way to solve most of the security issues that encounter applying traditional cryptography in constrained devices. However, a symmetric cipher is widely applied for ensuring the security of data communication in constraint devices. In this study, we proposed a hybrid algorithm based on two cryptography algorithms PRESENT and Salsa20. Also, a 2D logistic map of a chaotic system is applied to generate pseudo-random keys that produce more complexity for the proposed cipher algorithm. The goal of the proposed algorithm is to present a hybrid algorithm by enhancing the complexity of the current PRESENT algorithm while keeping the performance of computational operations as minimal. The proposed algorithm proved working efficiently with fast executed time, and the analysed result of the generated sequence keys passed the randomness of the NIST suite.

Cyber threats have increased extensively during the last decade, especially in smart grids. Cybercriminals have become more sophisticated. Current security controls are not enough to defend networks from the number of highly skilled cybercriminals. Cybercriminals have learned how to evade the most sophisticated tools, such as Intrusion Detection and Prevention Systems (IDPS), and Advanced Persistent Threat (APT) is almost invisible to current tools. Fortunately, the application of Artificial Intelligence (AI) may increase the detection rate of IDPS systems, and Machine Learning (ML) techniques can mine data to detect different attack stages of APT. However, the implementation of AI may bring other risks, and cybersecurity experts need to find a balance between risk and benefits.

In the context of Advanced Persistent Threat (APT) attacks, this paper introduces a model, called Nuke, which tries to provide a more operational reading of the attackers' lifecycle in a compromised network. It allows to consider the notions of regression; and repetitiveness of final objectives achievement. By confronting this model with examples of recent attacks (Equifax data breach and TV5Monde sabotage), we emphasize the importance of the attack chronology in the Cyber Threat Intelligence (CTI) reports, as well as the Tactics, Techniques and Procedures (TTP) used by the attacker during his progression.

The smart grid is a complex cyber-physical system (CPS) that poses challenges related to scale, integration, interoperability, processes, governance, and human elements. The US National Institute of Standards and Technology (NIST) and its government, university and industry collaborators, developed an approach, called CPS Framework, to reasoning about CPS across multiple levels of concern and competency, including trustworthiness, privacy, reliability, and regulatory. The approach uses ontology and reasoning techniques to achieve a greater understanding of the interdependencies among the elements of the CPS Framework model applied to use cases. This paper demonstrates that the approach extends naturally to automated and manual decision-making for smart grids: we apply it to smart grid use cases, and illustrate how it can be used to analyze grid topologies and address concerns about the smart grid. Smart grid stakeholders, whose decision making may be assisted by this approach, include planners, designers and operators.

The methods are based on injecting unpredictability into means and objects of protection are called stochastic methods of information security. The effective protection can be done only by using stochastic methods against an active opponent. The effectiveness of stochastic protection methods is defined by the quality of the used pseudo-random number generators and hash functions. The proposed hashing algorithm DOZENHASH is based on the using of 3D stochastic transformations of DOZEN family. The principal feature of the algorithm is that all input and output data blocks as well as intermediate results of calculations are represented as three-dimensional array of bytes with 4 bytes in each dimension. Thus, the resulting transformation has a high degree of parallelism at the level of elementary operations, in other words, it is focused on the implementation using heterogeneous supercomputer technologies.

With the increasing interest in studying Automated Driving System (ADS)-equipped vehicles through simulation, there is a growing need for comprehensive and agile middleware to provide novel Virtual Analysis (VA) functions of ADS-equipped vehicles towards enabling a reliable representation for pre-deployment test. The National Institute of Standards and Technology (NIST) Universal Cyber-physical systems Environment for Federation (UCEF) is such a VA environment. It provides Application Programming Interfaces (APIs) capable of ensuring synchronized interactions across multiple simulation platforms such as LabVIEW, OMNeT++, Ricardo IGNITE, and Internet of Things (IoT) platforms. UCEF can aid engineers and researchers in understanding the impact of different constraints associated with complex cyber-physical systems (CPS). In this work UCEF is used to produce a simulated Operational Domain Design (ODD) for ADS-equipped vehicles where control (drive cycle/speed pattern), sensing (obstacle detection, traffic signs and lights), and threats (unusual signals, hacked sources) are represented as UCEF federates to simulate a drive cycle and to feed it to vehicle dynamics simulators (e.g. OpenModelica or Ricardo IGNITE) through the Functional Mock-up Interface (FMI). In this way we can subject the vehicle to a wide range of scenarios, collect data on the resulting interactions, and analyze those interactions using metrics to understand trustworthiness impact. Trustworthiness is defined here as in the NIST Framework for Cyber-Physical Systems, and is comprised of system reliability, resiliency, safety, security, and privacy. The goal of this work is to provide an example of an experimental design strategy using Fractional Factorial Design for statistically assessing the most important safety metrics in ADS-equipped vehicles.

Electronic Medical Record (EMR) is a medical record management system. EMR contains personal data of patients that is critical. The critical nature of medical records is the reason for the necessity to develop security policies as guidelines for EMR in SIMRS in XZY Hospital. In this study, analysis and risk assessment conducted to EMR management at SIMRS in XZY Hospital. Based on this study, the security of SIMRS in XZY Hospital is categorized as high. Security and Privacy Control mapping based on NIST SP800-53 rev 5 obtained 57 security controls related to privacy aspects as control options to protect EMR in SIMRS in XZY Hospital. The policy designing was done using The Triangle framework for Policy Analysis. The analysis obtained from the policy decisions of the head of XYZ Hospital. The contents of the security policy are provisions on the implementation of security policies of EMR, outlined of 17 controls were selected.

Authentication is the fundamental security service used in almost all remote applications. All such sensitive applications over an open network need authentication mechanism that should be delivered in a trusted way. In this paper, we design an RSA based authentication system for smart IoT environment over the air network using state-of-the-art industry standards. Our system provide security services including X.509 certificate, RSA based Public Key Infrastructure (PKI), challenge/response protocols with the help of proxy induced security service provider. We describe an innovative system model, protocol design, system architecture and evaluation against known threats. Also the implemented solution designed as an add on service for multiple other sensitive applications (smart city apps, cyber physical systems etc.) which needs the support of X.509 certificate based on hard tokens to populate other security services including confidentiality, integrity, non-repudiation, privacy and anonymity of the identities. The proposed scheme is evaluated against known vulnerabilities and given detail comparisons with popular known authentication schemes. The result shows that our proposed scheme mitigate all the known security risks and provide highest level assurance to smart gadgets.