Biblio

Resilience and security of infrastructures depend not only on their constituent systems but also on interdependencies among them. This paper studies how these interdependencies in infrastructures affect the defense effort needed to counter external attacks, by formulating a simultaneous game between a service provider (i.e., defender) and an attacker. Effects of interdependencies in three basic topological structures, namely, bus, star and ring, are considered and compared in terms of the game-theoretic defense strategy. Results show that in a star topology, the attacker's and defender's pure strategies at Nash Equilibrium (NE) are sensitive to interdependency levels whereas in a bus structure, the interdependencies show little impact on both defender's and attacker's pure strategies. The sensitivity estimates of defense and attack strategies at NE with respect to target valuation and unit cost are also presented. The results provide insights into infrastructure design and resource allocation for reinforcement of constituent systems.

5G mobile networks promise universal communication environment and aims at providing higher bandwidth, increased communication and networking capabilities, and extensive signal coverage by using multiple communication technologies including Device-to-Device (D-to-D). This paradigm, will allow scalable and ubiquitous connectivity for large-scale mobile networks where a huge number of heterogeneous devices with limited resources will cooperate to enhance communication efficiency in terms of link reliability, spectral efficiency, system capacity, and transmission range. However, owing to its decentralized nature, cooperative D-to-D communication could be vulnerable to attacks initiated on relay nodes. Consequently, a source node has the interest to select the more protected relay to ensure the security of its traffic. Nevertheless, an improvement in the protection level has a counterpart cost that must be sustained by the device. To address this trade-off as well as the interaction between the attacker and the source device, we propose a dynamic game theoretic based approach to model and analyze this problem as a cost model. The utility function of the proposed non-cooperative game is based on the concepts of return on protection and return on attack which illustrate the gain of selecting a relay for transmitting a data packet by a source node and the reward of the attacker to perform an attack to compromise the transmitted data. Moreover, we discuss and analyze Nash equilibrium convergence of this attack-defense model and we propose an heuristic algorithm that can determine the equilibrium state in a limited number of running stages. Finally, we perform simulation work to show the effectiveness of the game model in assessing the behavior of the source node and the attacker and its ability to reach equilibrium within a finite number of steps.

This paper studies the sensor placement problem in a networked control system for improving its security against cyber-physical attacks. The problem is formulated as a zero-sum game between an attacker and a detector. The attacker's decision is to select f nodes of the network to attack whereas the detector's decision is to place f sensors to detect the presence of the attack signals. In our formulation, the attacker minimizes its visibility, defined as the system L2 gain from the attack signals to the deployed sensors' outputs, and the detector maximizes the visibility of the attack signals. The equilibrium strategy of the game determines the optimal locations of the sensors. The existence of Nash equilibrium for the attacker-detector game is studied when the underlying connectivity graph is a directed or an undirected tree. When the game does not admit a Nash equilibrium, it is shown that the Stackelberg equilibrium of the game, with the detector as the game leader, can be computed efficiently. Our results show that, under the optimal sensor placement strategy, an undirected topology provides a higher security level for a networked control system compared with its corresponding directed topology.

This paper presents a novel game theoretic attack-defence decision making framework for cyber-physical system (CPS) security. Game theory is a powerful tool to analyse the interaction between the attacker and the defender in such scenarios. In the formulation of games, participants are usually assumed to be rational. They will always choose the action to pursuit maximum payoff according to the knowledge of the strategic situation they are in. However, in reality the capacity of rationality is often bounded by the level of intelligence, computational resources and the amount of available information. This paper formulates the concept of bounded rationality into the decision making process, in order to optimise the defender's strategy considering that the defender and the attacker have incomplete information of each other and limited computational capacity. Under the proposed framework, the defender can often benefit from deviating from the minimax Nash Equilibrium strategy, the theoretically expected outcome of rational game playing. Numerical results are presented and discussed in order to demonstrate the proposed technique.

Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.

The fundamental aim of digital forensics is to discover, investigate and protect an evidence, increasing cybercrime enforces digital forensics team to have more accurate evidence handling. This makes digital evidence as an important factor to link individual with criminal activity. In this procedure of forensics investigation, maintaining integrity of the evidence plays an important role. A chain of custody refers to a process of recording and preserving details of digital evidence from collection to presenting in court of law. It becomes a necessary objective to ensure that the evidence provided to the court remains original and authentic without tampering. Aim is to transfer these digital evidences securely using encryption techniques.

In this paper, we present an extensive evaluation of face recognition and verification approaches performed by the European COST Action MULTI-modal Imaging of FOREnsic SciEnce Evidence (MULTI-FORESEE). The aim of the study is to evaluate various face recognition and verification methods, ranging from methods based on facial landmarks to state-of-the-art off-the-shelf pre-trained Convolutional Neural Networks (CNN), as well as CNN models directly trained for the task at hand. To fulfill this objective, we carefully designed and implemented a realistic data acquisition process, that corresponds to a typical face verification setup, and collected a challenging dataset to evaluate the real world performance of the aforementioned methods. Apart from verifying the effectiveness of deep learning approaches in a specific scenario, several important limitations are identified and discussed through the paper, providing valuable insight for future research directions in the field.

A semi-quantum key distribution (SQKD) protocol allows two users A and B to establish a shared secret key that is secure against an all-powerful adversary E even when one of the users (e.g., B) is semi-quantum or classical in nature while the other is fully-quantum. A mediated SQKD protocol allows two semi-quantum users to establish a key with the help of an adversarial quantum server. We introduce the concept of a multi-mediated SQKD protocol where two (or more) adversarial quantum servers are used. We construct a new protocol in this model and show how it can withstand high levels of quantum noise, though at a cost to efficiency. We perform an information theoretic security analysis and, along the way, prove a general security result applicable to arbitrary MM-SQKD protocols. Finally, a comparison is made to previous (S)QKD protocols.

In this work we introduce a novel QKD protocol capable of smoothly transitioning, via a user-tuneable parameter, from classical to semi-quantum in order to help understand the effect of quantum communication resources on secure key distribution. We perform an information theoretic security analysis of this protocol to determine what level of "quantumness" is sufficient to achieve security, and we discover some rather interesting properties of this protocol along the way.

This paper investigates the problem of generating two secret keys (SKs) simultaneously over a five-terminal system with terminals labelled as 1, 2, 3, 4 and 5. Each of terminal 2 and terminal 3 wishes to generate an SK with terminal 1 over a public channel wiretapped by a passive eavesdropper. Terminal 4 and terminal 5 respectively act as a trusted helper and an untrusted helper to assist the SK generation. All the terminals observe correlated source sequences from discrete memoryless sources (DMS) and can exchange information over a public channel with no rate constraint that the eavesdropper has access to. Based on the considered model, key capacity region is fully characterized and a source coding scheme that can achieve the capacity region is provided. Furthermore, expression for key leakage rate is obtained to analyze the security performance of the two generated keys.

Tensor operations, such as matrix multiplication, are central to large-scale machine learning applications. These operations can be carried out on a distributed computing platform with a master server at the user side and multiple workers in the cloud operating in parallel. For distributed platforms, it has been recently shown that coding over the input data matrices can reduce the computational delay, yielding a tradeoff between recovery threshold and communication load. In this work, we impose an additional security constraint on the data matrices and assume that workers can collude to eavesdrop on the content of these data matrices. Specifically, we introduce a novel class of secure codes, referred to as secure generalized PolyDot codes, that generalizes previously published non-secure versions of these codes for matrix multiplication. These codes extend the state-of-the-art by allowing a flexible trade-off between recovery threshold and communication load for a fixed maximum number of colluding workers.

In recent years, Edge Computing (EC) has attracted increasing attention for its advantages in handling latencysensitive and compute-intensive applications. It is becoming a widespread solution to solve the last mile problem of cloud computing. However, in actual EC deployments, data confidentiality becomes an unignorable issue because edge devices may be untrusted. In this paper, a secure and efficient edge computing scheme based on linear coding is proposed. Generally, linear coding can be utilized to achieve data confidentiality by encoding random blocks with original data blocks before they are distributed to unreliable edge nodes. However, the addition of a large amount of irrelevant random blocks also brings great communication overhead and high decoding complexities. In this paper, we focus on the design of secure coded edge computing using orthogonal vector to protect the information theoretic security of the data matrix stored on edge nodes and the input matrix uploaded by the user device, while to further reduce the communication overhead and decoding complexities. In recent years, Edge Computing (EC) has attracted increasing attention for its advantages in handling latencysensitive and compute-intensive applications. It is becoming a widespread solution to solve the last mile problem of cloud computing. However, in actual EC deployments, data confidentiality becomes an unignorable issue because edge devices may be untrusted. In this paper, a secure and efficient edge computing scheme based on linear coding is proposed. Generally, linear coding can be utilized to achieve data confidentiality by encoding random blocks with original data blocks before they are distributed to unreliable edge nodes. However, the addition of a large amount of irrelevant random blocks also brings great communication overhead and high decoding complexities. In this paper, we focus on the design of secure coded edge computing using orthogonal vector to protect the information theoretic security of the data matrix stored on edge nodes and the input matrix uploaded by the user device, while to further reduce the communication overhead and decoding complexities.

Multipath fading as well as shadowing is liable for the leakage of confidential information from the wireless channels. In this paper a solution to this information leakage is proposed, where a source transmits signal through a α-μ/α-μ composite fading channel considering an eavesdropper is present in the system. Secrecy enhancement is investigated with the help of two fading parameters α and μ. To mitigate the impacts of shadowing a α-μ distribution is considered whose mean is another α-μ distribution which helps to moderate the effects multipath fading. The mathematical expressions of some secrecy matrices such as the probability of non-zero secrecy capacity and the secure outage probability are obtained in closed-form to analyze security of the wireless channel in light of the channel parameters. Finally, Monte-Carlo simulations are provided to justify the correctness of the derived expressions.

Routing Protocol for Low power and Lossy Network (RPL) is a light weight routing protocol designed for LLN (Low Power Lossy Networks). It is a source routing protocol. Due to constrained nature of resources in LLN, RPL is exposed to various attacks such as blackhole attack, wormhole attack, rank attack, version attack, etc. IDS (Intrusion Detection System) is one of the countermeasures for detection and prevention of attacks for RPL based loT. Traditional IDS techniques are not suitable for LLN due to certain characteristics like different protocol stack, standards and constrained resources. In this paper, we have presented various IDS research contribution for RPL based routing attacks. We have also classified the proposed IDS in the literature, according to the detection techniques. Therefore, this comparison will be an eye-opening stuff for future research in mitigating routing attacks for RPL based IoT.

Security plays an important role in many authentication applications. Modern era information sharing is boundless and becoming much easier to access with the introduction of the Internet and the World Wide Web. Although this can be considered as a good point, issues such as privacy and data integrity arise due to the lack of control and authority. For this reason, the concept of data security was introduced. Data security can be categorized into two which are secrecy and authentication. In particular, this research was focused on the authentication of data security. There have been substantial research which discusses on multi-factor authentication scheme but most of those research do not entirely protect data against all types of attacks. Most current research only focuses on improving the security part of authentication while neglecting other important parts such as the accuracy and efficiency of the system. Current multifactor authentication schemes were simply not designed to have security, accuracy, and efficiency as their main focus. To overcome the above issue, this research will propose a new multi-factor authentication scheme which is capable to withstand external attacks which are known security vulnerabilities and attacks which are based on user behavior. On the other hand, the proposed scheme still needs to maintain an optimum level of accuracy and efficiency. From the result of the experiments, the proposed scheme was proven to be able to withstand the attacks. This is due to the implementation of the attack recognition and key generator technique together with the use of multi-factor in the proposed scheme.

Outsourcing services to cloud server (CS) becomes popular in these years. However, the outsourced services often involve with sensitive activity and CS naturally becomes a target of varieties of attacks. Even worse, CS itself can misuse the outsourced services for illegal profit. Traditional online banking system also can make use of a cloud framework to provide economical and high-speed online services to the consumers, which makes the financial dealing easy and convenient. Most of the banking organizations provide services through passbook, ATM, mobile banking, electronic banking (e-banking) etc. Among these, the e-banking and mobile banking are more convenient and becomes essential. Therefore, it is critical to provide an efficient, reliable and more importantly, secure e-banking services to the consumers. The cloud environment is suitable paradigm to a new, small and medium scale banking organization as it eliminates the requirement for them to start with small resources and increase gradually as the service demand rises. However, security is one of the main concerns since it deals with many sensitive data of the valuable customers. In addition to this, the access of various data needs to be restricted to prevent any unauthorized transaction. Nagaraju et al. presented a framework to achieve reliability and security in public cloud based online banking using multi-factor authentication concept. Unfortunately, the login and authentication protocol of this framework is prone to impersonation attack. In this paper, we have revised the framework to avoid this attack.

Biometry is often used as a part of the multi-factor authentication in order to improve the security of IT systems. In this paper, we propose the palmprint-based solution for user identity verification. In particular, we present a new approach to feature extraction. The proposed method is based both on texture and color information. Our experiments show that using the proposed hybrid features allows for achieving satisfactory accuracy without increasing requirements for additional computational resources. It is important from our perspective since the proposed method is dedicated to smartphones and other handhelds in mobile verification scenarios.

This paper surveys a review of Internet of Things (IoT) protocols, Service oriented Middleware in IoT. The modern development of IoT, expected to create many divorce application in health care without human intervention. Various protocols are involved in the applications development. Researchers are doing research for desirable protocol with all functionalities. Middleware for an IoT provides interoperability between the devices or applications. The engineering of an IoT dependent on Service Oriented Architecture (SOA), it operates as middleware. We survey the existing SOA based IoT middleware and its functionalities.

The interest over building security-based solutions to reduce the vulnerability exploits and mitigate the risks associated with smart homes in IoT is growing. However, our investigation identified to architect and implement distributed security mechanisms is still a challenge because is necessary to handle security and privacy in IoT middleware with a strong focus. Our investigation, it was identified the significant proportion of the systems that did not address security and did not describe the security approach in any meaningful detail. The idea proposed in this work is to provide middleware aim to implement security mechanisms in smart home and contribute as how guide to beginner developers' IoT middleware. The advantages of using MidSecThings are to avoid leakage data, unavailable service, unidentification action and not authorized access over IoT devices in smart home.

Edge and Fog computing paradigms are used to process big data generated by the increasing number of IoT devices. These paradigms have enabled cities to become smarter in various aspects via real-time data-driven applications. While these have addressed some flaws of cloud computing some challenges remain particularly in terms of privacy and security. We create a testbed based on a distributed processing platform called the Information flow of Things (IFoT) middleware. We briefly describe a decentralized traffic speed query and routing service implemented on this framework testbed. We configure the testbed to test countermeasure systems that aim to address the security challenges faced by prior paradigms. Using this testbed, we investigate a novel decentralized anomaly detection approach for time-sensitive distributed smart transportation systems.

The benefits of data distribution to multiple storage platforms with different characteristics have been widely acknowledged. Such systems are more tolerant to outages and bottlenecks and allow for more flexible policies regarding cost reduction, security and workload diversity. To leverage platforms simultaneously additional orchestration steps are needed. Existing approaches either implement such steps in the application's source code, resulting to minimum reusability across applications, or handle them at the infrastructure level. The latter usually involves over-engineering to handle different application behaviors and binds the system to a specific infrastructure. In this paper we present a middle-ware that decouples the I/O path from the application's source code and performs in-transit processing before data lands on the storage platforms. Abstracting the I/O process as a graph of reusable components allows the developers to easily implement complex storage solutions without the burden of writing custom code. Similarly, the administrators can create their own graph that reflects the infrastructure setup and append it to the preceding graph, so that various policies and infrastructure-related changes can be performed transparently to the application. Users can also extend the graph chain to enhance the application's functionality by using plug-ins. Our approach eliminates the need for custom I/O management code and allows for the applications to evolve independently of the storage back-end. To evaluate our system we employed a secure web service scenario that was seamlessly adapted to the changes in its storage back-end.

The EU SoftFIRE project has built an experimentation platform for NFV and SDN experiments, tailored for testing and evaluating 5G network applications and solutions. The platform is a fully orchestrated virtualisation testbed consisting of multiple component testbeds across Europe. Users of the platform can deploy their virtualisation experiments via the platform's Middleware. This paper introduces the SoftFIRE testbed and its Middleware, and presents a set of KPI results for evaluation of experiment deployment performance.

In current, RFID (Radio Frequency Identification) Middleware is widely used in nearly all RFID applications, and provides service for raw data capturing, security data reading/writing as well as sensors controlling. However, as the existing Middlewares were organized with rigorous data comparison and data encryption, it is seriously affecting the usefulness and execution efficiency. Thus, in order to improve the utilization rate of effective data, increase the reading/writing speed as well as preserving the security of RFID, this paper proposed a PSO (Particle swarm optimization) clustering scheme to accelerate the procedure of data operation. Then with the help of PSO cluster, the RFID Middleware can provide better service for both data security and data availability. At last, a comparative experiment is proposed, which is used to further verify the advantage of our proposed scheme.

Security and protection are among the most squeezing worries that have developed with the Internet. As systems extended and turned out to be more open, security hones moved to guarantee insurance of the consistently developing Internet, its clients, and information. Today, the Internet of Things (IoT) is rising as another sort of system that associates everything to everybody, all over. Subsequently, the edge of resistance for security and protection moves toward becoming smaller on the grounds that a break may prompt vast scale irreversible harm. One element that eases the security concerns is validation. While diverse confirmation plans are utilized as a part of vertical system storehouses, a typical personality and validation plot is expected to address the heterogeneity in IoT and to coordinate the distinctive conventions exhibit in IoT. In this paper, a light weight secure framework is proposed. The proposed framework is analyzed for performance with security mechanism and found to be better over critical parameters.

With the prevalence of Internet of Things (IoT) devices and systems, touching almost every single aspect of our modern life, one core factor that will determine whether this technology will succeed, and gain people trust, or fail is security. This technology aimed to facilitate and improve the quality of our life; however, it is hysterical and fast growth makes it an attractive and prime target for a whole variety of hackers posing a significant risk to our technology and IT infrastructures at both enterprise and individual levels. This paper discusses and identifies some critical aspects from software security perspective that need to be addressed and considered when designing IoT applications. This paper mainly concerned with potential security issues of the applications running on IoT devices including insecure interfaces, insecure software, constrained application protocol and middleware security. This effort is part of a funded research project that investigates internet of things (IoT) security and privacy issues related to architecture, connectivity and data collection.