Biblio
There are various Lightweight Block Ciphers (LBC) nowadays that exist to meet the demand on security requirements of the current trend in computing world, the application in the resource-constrained devices, and the Internet of Things (IoT) technologies. One way to evaluate these LBCs is to conduct a performance analysis. Performance evaluation parameters seek appropriate value such as encryption time, security level, scalability, and flexibility. Like SIMECK block cipher whose algorithm design was anchored with the SIMON and SPECK block ciphers were efficient in security and performance, there is a need to revisit its design. This paper aims to present a comparative study on the performance analysis of the enhanced round function of the SIMECK Family block cipher. The enhanced ARX structure of the round function on the three variants shows an efficient performance over the original algorithm in different simulations using the following methods of measurement; avalanche effect, runtime performance, and brute-force attack. Its recommended that the enhanced round function of the SIMECK family be evaluated by different security measurements and attacks.
Living in the age of digital transformation, companies and individuals are moving to public and private clouds to store and retrieve information, hence the need to store and retrieve data is exponentially increasing. Existing storage technologies such as DAS are facing a big challenge to deal with these huge amount of data. Hence, newer technologies should be adopted. Storage Area Network (SAN) is a distributed storage technology that aggregates data from several private nodes into a centralized secure place. Looking at SAN from a security perspective, clearly physical security over multiple geographical remote locations is not adequate to ensure a full security solution. A SAN security framework needs to be developed and designed. This work investigates how SAN protocols work (FC, ISCSI, FCOE). It also investigates about other storages technologies such as Network Attached Storage (NAS) and Direct Attached Storage (DAS) including different metrics such as: IOPS (input output per second), Throughput, Bandwidths, latency, cashing technologies. This research work is focusing on the security vulnerabilities in SAN listing different attacks in SAN protocols and compare it to other such as NAS and DAS. Another aspect of this work is to highlight performance factors in SAN in order to find a way to improve the performance focusing security solutions aimed to enhance the security level in SAN.
Network security and data confidentiality of transmitted information are among the non-functional requirements of industrial wireless sensor networks (IWSNs) in addition to latency, reliability and energy efficiency requirements. Physical layer security techniques are promising solutions to assist cryptographic methods in the presence of an eavesdropper in IWSN setups. In this paper, we propose a physical layer security scheme, which is based on both insertion of an random error vector to forward error correction (FEC) codewords and transmission over decentralized relay nodes. Reed-Solomon and Golay codes are selected as FEC coding schemes and the security performance of the proposed model is evaluated with the aid of decoding error probability of an eavesdropper. The results show that security level is highly based on the location of the eavesdropper and secure communication can be achieved when some of channels between eavesdropper and relay nodes are significantly noisier.
Nowadays, communication networks have a high relevance in any field. Because of this, it is necessary to maintain them working properly and with an adequate security level. In many fields, and in anomaly detection in communication networks in particular, it results really convenient the use of early detection methods. Therefore, adequate metrics must be defined to allow the correct evaluation of methods applied in relation to time delay in the detection. In this thesis the definition of time-aware metrics for early detection anomaly techniques evaluation.
In the paradigm of network coding, information-theoretic security is considered in the presence of wiretappers, who can access one arbitrary edge subset up to a certain size, referred to as the security level. Secure network coding is applied to prevent the leakage of the source information to the wiretappers. In this paper, we consider the problem of secure network coding for flexible pairs of information rate and security level with any fixed dimension (equal to the sum of rate and security level). We present a novel approach for designing a secure linear network code (SLNC) such that the same SLNC can be applied for all the rate and security-level pairs with the fixed dimension. We further develop a polynomial-time algorithm for efficient implementation and prove that there is no penalty on the required field size for the existence of SLNCs in terms of the best known lower bound by Guang and Yeung. Finally, by applying our approach as a crucial building block, we can construct a family of SLNCs that not only can be applied to all possible pairs of rate and security level but also share a common local encoding kernel at each intermediate node in the network.
Many governments organizations in Libya have started transferring traditional government services to e-government. These e-services will benefit a wide range of public. However, deployment of e-government bring many new security issues. Attackers would take advantages of vulnerabilities in these e-services and would conduct cyber attacks that would result in data loss, services interruptions, privacy loss, financial loss, and other significant loss. The number of vulnerabilities in e-services have increase due to the complexity of the e-services system, a lack of secure programming practices, miss-configuration of systems and web applications vulnerabilities, or not staying up-to-date with security patches. Unfortunately, there is a lack of study being done to assess the current security level of Libyan government websites. Therefore, this study aims to assess the current security of 16 Libyan government websites using penetration testing framework. In this assessment, no exploits were committed or tried on the websites. In penetration testing framework (pen test), there are four main phases: Reconnaissance, Scanning, Enumeration, Vulnerability Assessment and, SSL encryption evaluation. The aim of a security assessment is to discover vulnerabilities that could be exploited by attackers. We also conducted a Content Analysis phase for all websites. In this phase, we searched for security and privacy policies implementation information on the government websites. The aim is to determine whether the websites are aware of current accepted standard for security and privacy. From our security assessment results of 16 Libyan government websites, we compared the websites based on the number of vulnerabilities found and the level of security policies. We only found 9 websites with high and medium vulnerabilities. Many of these vulnerabilities are due to outdated software and systems, miss-configuration of systems and not applying the latest security patches. These vulnerabilities could be used by cyber hackers to attack the systems and caused damages to the systems. Also, we found 5 websites didn't implement any SSL encryption for data transactions. Lastly, only 2 websites have published security and privacy policies on their websites. This seems to indicate that these websites were not concerned with current standard in security and privacy. Finally, we classify the 16 websites into 4 safety categories: highly unsafe, unsafe, somewhat unsafe and safe. We found only 1 website with a highly unsafe ranking. Based on our finding, we concluded that the security level of the Libyan government websites are adequate, but can be further improved. However, immediate actions need to be taken to mitigate possible cyber attacks by fixing the vulnerabilities and implementing SSL encryption. Also, the websites need to publish their security and privacy policy so the users could trust their websites.
The communication security issue is of great importance and should not be ignored in backbone optical networks which is undergoing the evolution toward software defined networks (SDN). With the aim to solve this problem, this paper conducts deep analysis into the security challenge of software defined optical networks (SDON) and proposes a so-called security-enhanced signaling scheme of SDON. The proposed scheme makes full advantage of current OpenFIow protocol with some necessary extensions and security improvement, by combining digital signatures and message feedback with efficient PKI (Public Key Infrastructure) in signaling procedure of OpenFIow interaction. Thus, this security-enhanced signaling procedure is also designed in details to make sure the end-to-end trusted service connection. Simulation results show that this proposed approach can greatly improve the security level of large-scale optical network for Energy Internet services with better performance in term of connection success rate performance.
Cybersecurity assurance plays an important role in managing trust in smart grid communication systems. In this paper, cybersecurity assurance controls for smart grid communication networks and devices are delineated from the more technical functional controls to provide insights on recent innovative risk-based approaches to cybersecurity assurance in smart grid systems. The cybersecurity assurance control baselining presented in this paper is based on requirements and guidelines of the new family of IEC 62443 standards on network and systems security of industrial automation and control systems. The paper illustrates how key cybersecurity control baselining and tailoring concepts of the U.S. NIST SP 800-53 can be adopted in smart grid security architecture. The paper outlines the application of IEC 62443 standards-based security zoning and assignment of security levels to the zones in smart grid system architectures. To manage trust in the smart grid system architecture, cybersecurity assurance base lining concepts are applied per security impact levels. Selection and justification of security assurance controls presented in the paper is utilizing the approach common in Security Technical Implementation Guides (STIGs) of the U.S. Defense Information Systems Agency. As shown in the paper, enhanced granularity for managing trust both on the overall system and subsystem levels of smart grid systems can be achieved by implementation of the instructions of the CNSSI 1253 of the U.S. Committee of National Security Systems on security categorization and control selection for national security systems.
Scan design is a universal design for test (DFT) technology to increase the observability and controllability of the circuits under test by using scan chains. However, it also leads to a potential security problem that attackers can use scan design as a backdoor to extract confidential information. Researchers have tried to address this problem by using secure scan structures that usually have some keys to confirm the identities of users. However, the traditional methods to store intermediate data or keys in memory are also under high risk of being attacked. In this paper, we propose a dynamic-key secure DFT structure that can defend scan-based and memory attacks without decreasing the system performance and the testability. The main idea is to build a scan design key generator that can generate the keys dynamically instead of storing and using keys in the circuit statically. Only specific patterns derived from the original test patterns are valid to construct the keys and hence the attackers cannot shift in any other patterns to extract correct internal response from the scan chains or retrieve the keys from memory. Analysis results show that the proposed method can achieve a very high security level and the security level will not decrease no matter how many guess rounds the attackers have tried due to the dynamic nature of our method.
The security level is very important in Bluetooth, because the network or devices using secure communication, are susceptible to many attacks against the transmitted data received through eavesdropping. The cryptosystem designers needs to know the complexity of the designed Bluetooth E0. And what the advantages given by any development performed on any known Bluetooth E0Encryption method. The most important criteria can be used in evaluation method is considered as an important aspect. This paper introduce a proposed fuzzy logic technique to evaluate the complexity of Bluetooth E0Encryption system by choosing two parameters, which are entropy and correlation rate, as inputs to proposed fuzzy logic based Evaluator, which can be applied with MATLAB system.
The communication security issue brought by Smart Grid is of great importance and should not be ignored in backbone optical networks. With the aim to solve this problem, this paper firstly conducts deep analysis into the security challenge of optical network under smart power grid environment and proposes a so-called lightweight security signaling mechanism of multi-domain optical network for Energy Internet. The proposed scheme makes full advantage of current signaling protocol with some necessary extensions and security improvement. Thus, this lightweight security signaling protocol is designed to make sure the end-to-end trusted connection. Under the multi-domain communication services of smart power grid, evaluation simulation for the signaling interaction is conducted. Simulation results show that this proposed approach can greatly improve the security level of large-scale multi-domain optical network for smart power grid with better performance in term of connection success rate performance.
In several critical military missions, more than one decision level are involved. These decision levels are often independent and distributed, and sensitive pieces of information making up the military mission must be kept hidden from one level to another even if all of the decision levels cooperate to accomplish the same task. Usually, a mission is negotiated through insecure networks such as the Internet using cryptographic protocols. In such protocols, few security properties have to be ensured. However, designing a secure cryptographic protocol that ensures several properties at once is a very challenging task. In this paper, we propose a new secure protocol for multipart military missions that involve two independent and distributed decision levels having different security levels. We show that it ensures the secrecy, authentication, and non-repudiation properties. In addition, we show that it resists against man-in-the-middle attacks.
Modern cyber systems and their integration with the infrastructure has a clear effect on the productivity and quality of life immensely. Their involvement in our daily life elevate the need for means to insure their resilience against attacks and failure. One major threat is the software monoculture. Latest research work demonstrated the danger of software monoculture and presented diversity to reduce the attack surface. In this paper, we propose ChameleonSoft, a multidimensional software diversity employment to, in effect, induce spatiotemporal software behavior encryption and a moving target defense. ChameleonSoft introduces a loosely coupled, online programmable software-execution foundation separating logic, state and physical resources. The elastic construction of the foundation enabled ChameleonSoft to define running software as a set of behaviorally-mutated functionally-equivalent code variants. ChameleonSoft intelligently Shuffle, at runtime, these variants while changing their physical location inducing untraceable confusion and diffusion enough to encrypt the execution behavior of the running software. ChameleonSoft is also equipped with an autonomic failure recovery mechanism for enhanced resilience. In order to test the applicability of the proposed approach, we present a prototype of the ChameleonSoft Behavior Encryption (CBE) and recovery mechanisms. Further, using analysis and simulation, we study the performance and security aspects of the proposed system. This study aims to assess the provisioned level of security by measuring the avalanche effect percentage and the induced confusion and diffusion levels to evaluate the strength of the CBE mechanism. Further, we compute the computational cost of security provisioning and enhancing system resilience.
Modern cyber systems and their integration with the infrastructure has a clear effect on the productivity and quality of life immensely. Their involvement in our daily life elevate the need for means to insure their resilience against attacks and failure. One major threat is the software monoculture. Latest research work demonstrated the danger of software monoculture and presented diversity to reduce the attack surface. In this paper, we propose ChameleonSoft, a multidimensional software diversity employment to, in effect, induce spatiotemporal software behavior encryption and a moving target defense. ChameleonSoft introduces a loosely coupled, online programmable software-execution foundation separating logic, state and physical resources. The elastic construction of the foundation enabled ChameleonSoft to define running software as a set of behaviorally-mutated functionally-equivalent code variants. ChameleonSoft intelligently Shuffle, at runtime, these variants while changing their physical location inducing untraceable confusion and diffusion enough to encrypt the execution behavior of the running software. ChameleonSoft is also equipped with an autonomic failure recovery mechanism for enhanced resilience. In order to test the applicability of the proposed approach, we present a prototype of the ChameleonSoft Behavior Encryption (CBE) and recovery mechanisms. Further, using analysis and simulation, we study the performance and security aspects of the proposed system. This study aims to assess the provisioned level of security by measuring the avalanche effect percentage and the induced confusion and diffusion levels to evaluate the strength of the CBE mechanism. Further, we compute the computational cost of security provisioning and enhancing system resilience.
File encryption is an effective way for an enterprise to prevent its data from being lost. However, the data may still be deliberately or inadvertently leaked out by the insiders or customers. When the sensitive data are leaked, it often results in huge monetary damages and credit loss. In this paper, we propose a novel group file encryption/decryption method, named the Group File Encryption Method using Dynamic System Environment Key (GEMS for short), which provides users with auto crypt, authentication, authorization, and auditing security schemes by utilizing a group key and a system environment key. In the GEMS, the important parameters are hidden and stored in different devices to avoid them from being cracked easily. Besides, it can resist known-key and eavesdropping attacks to achieve a very high security level, which is practically useful in securing an enterprise's and a government's private data.