Biblio

Filters: Keyword is Focusing
2023-08-25
Liang, Bowen, Tian, Jianye, Zhu, Yi.  2022.  A Named In-Network Computing Service Deployment Scheme for NDN-Enabled Software Router. 2022 5th International Conference on Hot Information-Centric Networking (HotICN). :25–29.
Named in-network computing is an emerging technology of Named Data Networking (NDN). Through deploying the named computing services/functions on NDN router, the router can utilize its free resources to provide nearby computation for users while relieving the pressure of cloud and network edge. Benefitted from the characteristic of named addressing, named computing services/functions can be easily discovered and migrated in the network. To implement named in-network computing, integrating the computing services as Virtual Machines (VMs) into the software router is a feasible way, but how to effectively deploy the service VMs to optimize the local processing capability is still a challenge. Focusing on this problem, we first give the design of NDN-enabled software router in this paper, then propose a service earning based named service deployment scheme (SE-NSD). For available service VMs, SE-NSD not only considers their popularities but further evaluates their service earnings (processed data amount per CPU cycle). Through modelling the deployment problem as the knapsack problem, SE-NSD determines the optimal service VMs deployment scheme. The simulation results show that, comparing with the popularity-based deployment scheme, SE-NSD can promote about 30% in-network computing capability while slightly reducing the service invoking RTT of user.
ISSN: 2831-4395
2023-08-11
Zhuoyu, Han, Yongzhen, Li.  2022.  Design and implementation of efficient hash functions. 2022 IEEE 2nd International Conference on Power, Electronics and Computer Applications (ICPECA). :1240–1243.
With the rapid popularity of the network, the development of information encryption technology has a significant role and significance in securing network security. The security of information has become an issue of concern to the whole society, and the study of cryptography has been increasingly concerned, and the hash function is the core of modern cryptography, the most common hash algorithms are MD5 series of algorithms, SHA series of algorithms. MD5 is a popular and excellent typical Hash encryption technology today, which is used for password management, electronic signature, spam screening. In this paper, we focus on the improved MD5 algorithm with more efficiency, focusing on the internal structure of MD5, and finally making it more efficient in retrieval.
2023-06-29
Rahman, Md. Shahriar, Ashraf, Faisal Bin, Kabir, Md. Rayhan.  2022.  An Efficient Deep Learning Technique for Bangla Fake News Detection. 2022 25th International Conference on Computer and Information Technology (ICCIT). :206–211.

People connect with a plethora of information from many online portals due to the availability and ease of access to the internet and electronic communication devices. However, news portals sometimes abuse press freedom by manipulating facts. Most of the time, people are unable to discriminate between true and false news. It is difficult to avoid the detrimental impact of Bangla fake news from spreading quickly through online channels and influencing people’s judgment. In this work, we investigated many real and false news pieces in Bangla to discover a common pattern for determining if an article is disseminating incorrect information or not. We developed a deep learning model that was trained and validated on our selected dataset. For learning, the dataset contains 48,678 legitimate news and 1,299 fraudulent news. To deal with the imbalanced data, we used random undersampling and then ensemble to achieve the combined output. In terms of Bangla text processing, our proposed model achieved an accuracy of 98.29% and a recall of 99%.

2023-05-12
Lakshmi, Swathy, Kumar, Renjith H.  2022.  Secure Communication between Arduinos using Controller Area Network(CAN) Bus. 2022 IEEE International Power and Renewable Energy Conference (IPRECON). :1–6.
Present-day vehicles have numerous Electronic Control Units (ECUs) and they communicate with each other over a network known as the Controller Area Network(CAN) bus. In this way, the CAN bus is a fundamental component of intra-vehicle communication. The CAN bus was designed without focusing on communication security and in this way it is vulnerable to many cyber attacks. As the vehicles are always connected to the Internet, the CAN bus is remotely accessible and could be hacked. To secure the communication between ECUs and defend against these cyber attacks, we apply a Hash Message Authentication Code(HMAC) to automotive data and demonstrate the CAN bus communication between two ECUs using Arduino UNO and MCP2515 CAN bus module.
2023-03-17
Chen, Xinghua, Huang, Lixian, Zheng, Dan, Chen, Jinchang, Li, Xinchao.  2022.  Research and Application of Communication Security in Security and Stability Control System of Power Grid. 2022 7th Asia Conference on Power and Electrical Engineering (ACPEE). :1215–1221.
Plaintext transmission is the major way of communication in the existing security and stability control (SSC) system of power grid. Such type of communication is easy to be invaded, camouflaged and hijacked by a third party, leading to a serious threat to the safe and stable operation of power system. Focusing on the communication security in SSC system, the authors use asymmetric encryption algorithm to encrypt communication messages, to generate random numbers through random noise of electrical quantities, and then use them to generate key pairs needed for encryption, at the same time put forward a set of key management mechanism for engineering application. In addition, the field engineering test is performed to verify that the proposed encryption method and management mechanism can effectively improve the communication in SSC system while ensuring the high-speed and reliable communication.
2023-02-17
Hannibal, Glenda, Dobrosovestnova, Anna, Weiss, Astrid.  2022.  Tolerating Untrustworthy Robots: Studying Human Vulnerability Experience within a Privacy Scenario for Trust in Robots. 2022 31st IEEE International Conference on Robot and Human Interactive Communication (RO-MAN). :821–828.
Focusing on human experience of vulnerability in everyday life interaction scenarios is still a novel approach. So far, only a proof-of-concept online study has been conducted, and to extend this work, we present a follow-up online study. We consider in more detail how human experience of vulnerability caused by a trust violation through a privacy breach affects trust ratings in an interaction scenario with the PEPPER robot assisting with clothes shopping. We report the results from 32 survey responses and 11 semi-structured interviews. Our findings reveal the existence of the privacy paradox also for studying trust in HRI, which is a common observation describing a discrepancy between the stated privacy concerns by people and their behavior to safeguard it. Moreover, we reflect that participants considered only the added value of utility and entertainment when deciding whether or not to interact with the robot again, but not the privacy breach. We conclude that people might tolerate an untrustworthy robot even when they are feeling vulnerable in the everyday life situation of clothes shopping.
ISSN: 1944-9437
2022-12-07
Kramer, Jack, Lee, Daehun, Cho, Sinwoo, Jahanbani, Shahin, Lai, Keji, Lu, Ruochen.  2022.  Acoustic Wave Focusing Lens at Radio Frequencies in Thin-Film Lithium Niobate. 2022 IEEE MTT-S International Conference on Microwave Acoustics and Mechanics (IC-MAM). :9–12.
Expanding techniques for chip-scale acoustic wave focusing would open doors for advancements in signal processing and quantum electromechanical microsystems. In this paper, we present a method for acoustic wave focusing and wavefront shaping at radio frequencies (RF), validated with thin-film lithium niobite on a low-loss and high coupling silicon carbide (LiNbO3-on-SiC) testbed. By depositing a metal layer, we can mitigate the piezoelectric stiffening effect, and reduce the acoustic wave speed in a patterned area. Employing a design analogous to geometric optical systems, efficient acoustic wave focusing is experimentally observed. With more development, this technique could be employed in emerging acoustic microsystems.
2022-12-01
Oh, Mi-Kyung, Lee, Sangjae, Kang, Yousung.  2021.  Wi-SUN Device Authentication using Physical Layer Fingerprint. 2021 International Conference on Information and Communication Technology Convergence (ICTC). :160–162.
This paper aims to identify Wi-SUN devices using physical layer fingerprint. We first extract physical layer features based on the received Wi-SUN signals, especially focusing on device-specific clock skew and frequency deviation in FSK modulation. Then, these physical layer fingerprints are used to train a machine learning-based classifier and the resulting classifier finally identifies the authorized Wi-SUN devices. Preliminary experiments on Wi-SUN certified chips show that the authenticator with the proposed physical layer fingerprints can distinguish Wi-SUN devices with 100 % accuracy. Since no additional computational complexity for authentication is involved on the device side, our approach can be applied to any Wi-SUN based IoT devices with security requirements.
2022-11-18
Mishina, Ryuya, Tanimoto, Shigeaki, Goromaru, Hideki, Sato, Hiroyuki, Kanai, Atsushi.  2021.  Risk Management of Silent Cyber Risks in Consideration of Emerging Risks. 2021 10th International Congress on Advanced Applied Informatics (IIAI-AAI). :710–716.
In recent years, new cyber attacks such as targeted attacks have caused extensive damage. With the continuing development of the IoT society, various devices are now connected to the network and are being used for various purposes. The Internet of Things has the potential to link cyber risks to actual property damage, as cyberspace risks are connected to physical space. With this increase in unknown cyber risks, the demand for cyber insurance is increasing. One of the most serious emerging risks is the silent cyber risk, and it is likely to increase in the future. However, at present, security measures against silent cyber risks are insufficient. In this study, we conducted a risk management of silent cyber risk for organizations with the objective of contributing to the development of risk management methods for new cyber risks that are expected to increase in the future. Specifically, we modeled silent cyber risk by focusing on state transitions to different risks. We newly defined two types of silent cyber risk, namely, Alteration risk and Combination risk, and conducted risk assessment. Our assessment identified 23 risk factors, and after analyzing them, we found that all of them were classified as Risk Transference. We clarified that the most effective risk countermeasure for Alteration risk was insurance and for Combination risk was measures to reduce the impact of the risk factors themselves. Our evaluation showed that the silent cyber risk could be reduced by about 50%, thus demonstrating the effectiveness of the proposed countermeasures.
2022-10-20
Noman, Haitham Ameen, Al-Maatouk, Qusay, Noman, Sinan Ameen.  2021.  Design and Implementation of a Security Analysis Tool that Detects and Eliminates Code Caves in Windows Applications. 2021 International Conference on Data Analytics for Business and Industry (ICDABI). :694–698.
Process injection techniques on Windows applications are considered a serious threat to software security specialists. The attackers use these techniques to exploit the targeted program or process and take advantage of it by injecting a malicious process within the address space of the hosted process. Such attacks could be carried out using the so-called reverse engineering realm “the code caves”. For that reason, detecting these code caves in a particular application/program is deemed crucial to prevent the adversary from exploiting the programs through them. Code caves are simply a sequence of null bytes inside the executable program. They form due to the unuse of uninitialized variables. This paper presents a tool that can detect code caves in Windows programs by disassembling the program and looking for the code caves inside it; additionally, the tool will also eliminate those code caves without affecting the program’s functionality. The tool has proven reliable and accurate when tested on various types of programs under the Windows operating system.
2022-09-09
Wang, Wan, Xu, Fengjiao, Zhang, Chao, Qin, Tingxin.  2021.  Analysis on security management for supply chain under Emergencies. 2021 International Conference on Public Management and Intelligent Society (PMIS). :208–211.

Focusing on security management for supply chain under emergencies, this paper analyzes the characteristics of supply chain risk, clarifies the relationship between business continuity management and security management for supply chain, organizational resilience and security management for supply chain separately, so as to propose suggestions to promote the realization of security management for supply chain combined these two concepts, which is of guiding significance for security management for supply chain and quality assurance of products and services under emergencies.

2022-08-12
Stepanov, Daniil, Akhin, Marat, Belyaev, Mikhail.  2021.  Type-Centric Kotlin Compiler Fuzzing: Preserving Test Program Correctness by Preserving Types. 2021 14th IEEE Conference on Software Testing, Verification and Validation (ICST). :318–328.
Kotlin is a relatively new programming language from JetBrains: its development started in 2010 with release 1.0 done in early 2016. The Kotlin compiler, while slowly and steadily becoming more and more mature, still crashes from time to time on the more tricky input programs, not least because of the complexity of its features and their interactions. This makes it a great target for fuzzing, even the basic forms of which can find a significant number of Kotlin compiler crashes. There is a problem with fuzzing, however, closely related to the cause of the crashes: generating a random, non-trivial and semantically valid Kotlin program is hard. In this paper, we talk about type-centric compiler fuzzing in the form of type-centric enumeration, an approach inspired by skeletal program enumeration [1] and based on a combination of generative and mutation-based fuzzing, which solves this problem by focusing on program types. After creating the skeleton program, we fill the typed holes with fragments of suitable type, created via generation and enhanced by semantic-aware mutation. We implemented this approach in our Kotlin compiler fuzzing framework called Backend Bug Finder (BBF) and did an extensive evaluation, not only testing the real-world feasibility of our approach, but also comparing it to other compiler fuzzing techniques. The results show our approach to be significantly better compared to other fuzzing approaches at generating semantically valid Kotlin programs, while creating more interesting crash-inducing inputs at the same time. We managed to find more than 50 previously unknown compiler crashes, of which 18 were considered important after their triage by the compiler team.
2022-07-15
N, Praveena., Vivekanandan, K..  2021.  A Study on Shilling Attack Identification in SAN using Collaborative Filtering Method based Recommender Systems. 2021 International Conference on Computer Communication and Informatics (ICCCI). :1–5.
In Social Aware Network (SAN) model, the elementary actions focus on investigating the attributes and behaviors of the customer. This analysis of customer attributes facilitate in the design of highly active and improved protocols. In specific, the recommender systems are highly vulnerable to the shilling attack. The recommender system provides the solution to solve the issues like information overload. Collaborative filtering based recommender systems are susceptible to shilling attack known as profile injection attacks. In the shilling attack, the malicious users bias the output of the system's recommendations by adding the fake profiles. The attacker exploits the customer reviews, customer ratings and fake data for the processing of recommendation level. It is essential to detect the shilling attack in the network for sustaining the reliability and fairness of the recommender systems. This article reviews the most prominent issues and challenges of shilling attack. This paper presents the literature survey which is contributed in focusing of shilling attack and also describes the merits and demerits with its evaluation metrics like attack detection accuracy, precision and recall along with different datasets used for identifying the shilling attack in SAN network.
2022-07-14
Mittal, Sonam, Kaur, Prabhjot, Ramkumar, K.R..  2021.  Achieving Privacy and Security Using QR-Code through Homomorphic Encryption and Steganography. 2021 9th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). :1–6.
Security is a most concerning matter for client's data in today's emerging technological world in each field, like banking, management, retail, shopping, communication, education, etc. Arise in cyber-crime due to the black hat community, there is always a need for a better way to secure the client's sensitive information, Security is the key point in online banking as the threat of unapproved online access to a client's data is very significant as it ultimately danger to bank reputation. The more secure and powerful methods can allow a client to work with untrusted parties. Paper is focusing on how secure banking transaction system can work by using homomorphic encryption and steganography techniques. For data encryption NTRU, homomorphic encryption can be used and to hide details through the QR code, a cover image can be embed using steganography techniques.
2022-07-12
Tøndel, Inger Anne, Vefsnmo, Hanne, Gjerde, Oddbjørn, Johannessen, Frode, Frøystad, Christian.  2021.  Hunting Dependencies: Using Bow-Tie for Combined Analysis of Power and Cyber Security. 2020 2nd International Conference on Societal Automation (SA). :1–8.
Modern electric power systems are complex cyber-physical systems. The integration of traditional power and digital technologies result in interdependencies that need to be considered in risk analysis. In this paper we argue the need for analysis methods that can combine the competencies of various experts in a common analysis focusing on the overall system perspective. We report on our experiences on using the Vulnerability Analysis Framework (VAF) and bow-tie diagrams in a combined analysis of the power and cyber security aspects in a realistic case. Our experiences show that an extended version of VAF with increased support for interdependencies is promising for this type of analysis.
Tekiner, Ege, Acar, Abbas, Uluagac, A. Selcuk, Kirda, Engin, Selcuk, Ali Aydin.  2021.  In-Browser Cryptomining for Good: An Untold Story. 2021 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS). :20–29.
In-browser cryptomining uses the computational power of a website's visitors to mine cryptocurrency, i.e., to create new coins. With the rise of ready-to-use mining scripts distributed by service providers (e.g., Coinhive), it has become trivial to turn a website into a cryptominer by copying and pasting the mining script. Both legitimate webpage owners who want to raise an extra revenue under users' explicit consent and malicious actors who wish to exploit the computational power of the users' computers without their consent have started to utilize this emerging paradigm of cryptocurrency operations. In-browser cryptomining, though mostly abused by malicious actors in practice, is indeed a promising funding model that can be utilized by website owners, publishers, or non-profit organizations for legitimate business purposes, such as to collect revenue or donations for humanitarian projects, inter alia. However, our analysis in this paper shows that in practice, regardless of their being legitimate or not, all in-browser mining scripts are treated the same as malicious cryptomining samples (aka cryptojacking) and blacklisted by browser extensions or antivirus programs. Indeed, there is a need for a better understanding of the in-browser cryptomining ecosystem. Hence, in this paper, we present an in-depth empirical analysis of in-browser cryptomining processes, focusing on the samples explicitly asking for user consent, which we call permissioned cryptomining. To the best of our knowledge, this is the first study focusing on the permissioned cryptomining samples. For this, we created a dataset of 6269 unique web sites containing cryptomining scripts in their source codes to characterize the in-browser cryptomining ecosystem by differentiating permissioned and permissionless cryptomining samples. 
We believe that (1) this paper is the first attempt showing that permissioned in-browser cryptomining could be a legitimate and viable monetization tool if implemented responsibly and without interrupting the user, and (2) this paper will catalyze the widespread adoption of legitimate cryptomining with user consent and awareness.
2022-06-14
Kawanishi, Yasuyuki, Nishihara, Hideaki, Yoshida, Hirotaka, Hata, Yoichi.  2021.  A Study of The Risk Quantification Method focusing on Direct-Access Attacks in Cyber-Physical Systems. 2021 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :298–305.

Direct-access attacks were initially considered as unrealistic threats in cyber security because the attacker can more easily mount other non-computerized attacks like cutting a brake line. In recent years, some research into direct-access attacks have been conducted especially in the automotive field, for example, research on an attack method that makes the ECU stop functioning via the CAN bus. The problem with existing risk quantification methods is that direct-access attacks seem not to be recognized as serious threats. To solve this problem, we propose a new risk quantification method by applying vulnerability evaluation criteria and by setting metrics. We also confirm that direct-access attacks not recognized by conventional methods can be evaluated appropriately, using the case study of an automotive system as an example of a cyber-physical system.

2022-06-09
Ambedkar, B. R., Bharti, P. K., Husain, Akhtar.  2021.  Design and Analysis of Hash Algorithm Using Autonomous Initial Value Proposed Secure Hash Algorithm64. 2021 IEEE 18th India Council International Conference (INDICON). :1–6.
A secure hash code or message authentication code is a one-way hash algorithm. It is producing a fixed-size hash function to be used to check verification, the integrity of electronic data, password storage. Numerous researchers have proposed hashing algorithms. They have a very high time complexity based on several steps, initial value, and key constants which are publically known. We are focusing here on the many exiting algorithms that are dependent on the initial value and key constant usage to increasing the security strength of the hash function which is publically known. Therefore, we are proposing autonomous initial value proposed secure hash algorithm (AIVPSHA64) in this research paper to produce sixty-four-bit secure hash code without the need of initial value and key constant, it is very useful for a smart card to verify their identity which has limited memory space. Then evaluate the performance of hash function using autonomous initial value proposed secure hash algorithm (AIVPSHA64) and will compare the result, which is found by python-3.9.0 programming language.
Nagai, Yuki, Watanabe, Hiroki, Kondo, Takao, Teraoka, Fumio.  2021.  LiONv2: An Experimental Network Construction Tool Considering Disaggregation of Network Configuration and Device Configuration. 2021 IEEE 7th International Conference on Network Softwarization (NetSoft). :171–175.
An experimental network environment plays an important role to examine new systems and protocols. We have developed an experimental network construction tool called LiONv1 (Lightweight On-Demand Networking, ver.1). LiONv1 satisfies the following four requirements: programmer-friendly configuration file based on Infrastructure as Code, multiple virtualization technologies for virtual nodes, physical topology conscious virtual node placement, and L3 protocol agnostic virtual networks. None of existing experimental network environments satisfy all the four requirements. In this paper, we develop LiONv2 which satisfies three more requirements: diversity of available network devices, Internet-scale deployment, and disaggregation of network configuration and device configuration. LiONv2 employs NETCONF and YANG to achieve diversity of available network devices and Internet-scale deployment. LiONv2 also defines two YANG models which disaggregate network configuration and device configuration. LiONv2 is implemented in Go and C languages with public libraries for Go. Measurement results show that construction time of a virtual network is irrelevant to the number of virtual nodes if a single virtual node is created per physical node.
2022-05-24
Chan, Matthew.  2021.  Bare-metal hypervisor virtual servers with a custom-built automatic scheduling system for educational use. 2021 Fourth International Conference on Electrical, Computer and Communication Technologies (ICECCT). :1–5.
In contrast to traditional physical servers, a custom-built system utilizing a bare-metal hypervisor virtual server environment provides advantages of both cost savings and flexibility in terms of systems configuration. This system is designed to facilitate hands-on experience for Computer Science students, particularly those specializing in systems administration and computer networking. This multi-purpose and functional system uses an automatic advanced virtual server reservation system (AAVSRsv), written in C++, to schedule and manage virtual servers. The use of such a system could be extended to additional courses focusing on such topics as cloud computing, database systems, information assurance, as well as ethical hacking and system defense. The design can also be replicated to offer training sessions to other information technology professionals.
2022-04-19
Arfeen, Asad, Ahmed, Saad, Khan, Muhammad Asim, Jafri, Syed Faraz Ali.  2021.  Endpoint Detection & Response: A Malware Identification Solution. 2021 International Conference on Cyber Warfare and Security (ICCWS). :1–8.
Malicious hackers breach security perimeters, cause infrastructure disruptions as well as steal proprietary information, financial data, and violate consumers' privacy. Protection of the whole organization by using the firm's security officers can be besieged with faulty warnings. Engineers must shift from console to console to put together investigative clues as a result of today's fragmented security technologies that cause frustratingly sluggish investigations. Endpoint Detection and Response (EDR) solutions adds an extra layer of protection to prevent an endpoint action into a breach. EDR is the region's foremost detection and response tool that combines endpoint and network data to recognize and respond to sophisticated threats. Offering unrivaled security and operational effectiveness, it integrates prevention, investigation, detection, and responding in a single platform. EDR provides enterprise coverage and uninterrupted defense with its continuous monitoring and response to threats. We have presented a comprehensive review of existing EDRs through various security layers that includes detection, response and management capabilities which enables security teams to have unified end-to-end corporate accessibility, powerful analytics along with additional features such as web threat scan, external device scan and automatic reaction across the whole technological tower.
N, Joshi Padma, Ravishankar, N., Raju, M.B., Vyuha, N. Ch. Sai.  2021.  Secure Software Immune Receptors from SQL Injection and Cross Site Scripting Attacks in Content Delivery Network Web Applications. 2021 9th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). :1–5.
In our proposed work the web security has been enhanced using additional security code and an enhanced frame work. Administrator of site is required to specify the security code for particular date and time. On user end user would be capable to login and view authentic code allotted to them during particular time slot. This work would be better in comparison of tradition researches in order to prevent sql injection attack and cross script because proposed work is not just considering the security, it is also focusing on the performance of security system. This system is considering the lot of security dimensions. But in previous system there was focus either on sql injection or cross script. Proposed research is providing versatile security and is available with low time consumption with less probability of unauthentic access.
2022-03-23
Caporusso, N..  2021.  An Improved PIN Input Method for the Visually Impaired. 2021 44th International Convention on Information, Communication and Electronic Technology (MIPRO). :476–481.
Despite the recent introduction of biometric identification technology, Personal Identification Numbers (PIN) are the standard for granting access to restricted areas and for authorizing operations on most systems, including mobile phones, payment devices, smart locks. Unfortunately, PINs have several inherent vulnerabilities and expose users to different types of social engineering attacks. Specifically, the risk of shoulder surfing in PIN-based authentication is especially high for individuals who are blind. In this paper, we introduce a new method for improving the trade-off between security and accessibility in PIN-based authentication systems. Our proposed solution aims at minimizing the threats posed by malicious agents while maintaining a low level of complexity for the user. We present the method and discuss the results of an evaluation study that demonstrates the advantages of our solution compared to state-of-the-art systems.
2022-03-14
Moghadam, Vahid Eftekhari, Meloni, Marco, Prinetto, Paolo.  2021.  Control-Flow Integrity for Real-Time Operating Systems: Open Issues and Challenges. 2021 IEEE East-West Design Test Symposium (EWDTS). :1–6.
The pervasive presence of smart objects in almost every corner of our everyday life urges the security of such embedded systems to be the point of attention. Memory vulnerabilities in the embedded program code, such as buffer overflow, are the entry point for powerful attack paradigms such as Code-Reuse Attacks (CRAs), in which attackers corrupt systems’ execution flow and maliciously alter their behavior. Control-Flow Integrity (CFI) has been proven to be the most promising approach against such kinds of attacks, and in the literature, a wide range of flow monitors are proposed, both hardware-based and software-based. While the formers are hardly applicable as they impose design alteration of underlying hardware modules, on the contrary, software solutions are more flexible and also portable to the existing devices. Real-Time Operating Systems (RTOS) and their key role in application development for embedded systems is the main concern regarding the application of the CFI solutions. This paper discusses the still open challenges and issues regarding the implementation of control-flow integrity policies on operating systems for embedded systems, analyzing the solutions proposed so far in the literature, highlighting possible limits in terms of performance, applicability, and protection coverage, and proposing possible improvement directions.
2022-03-01
Varadharajan, Vijay, Tupakula, Uday, Karmakar, Kallol Krishna.  2021.  Software Enabled Security Architecture and Mechanisms for Securing 5G Network Services. 2021 IEEE 7th International Conference on Network Softwarization (NetSoft). :273–277.
The 5G network systems are evolving and have complex network infrastructures. There is a great deal of work in this area focused on meeting the stringent service requirements for the 5G networks. Within this context, security requirements play a critical role as 5G networks can support a range of services such as healthcare services, financial and critical infrastructures. 3GPP and ETSI have been developing security frameworks for 5G networks. Our work in 5G security has been focusing on the design of security architecture and mechanisms enabling dynamic establishment of secure and trusted end to end services as well as development of mechanisms to proactively detect and mitigate security attacks in virtualised network infrastructures. The focus of this paper is on the latter, namely the facilities and mechanisms, and the design of a security architecture providing facilities and mechanisms to detect and mitigate specific security attacks. We have developed a simplified version of the security architecture using Software Defined Networks (SDN) and Network Function Virtualisation (NFV) technologies. The specific security functions developed in this architecture can be directly integrated into the 5G core network facilities enhancing its security.