Biblio

The energy sector is facing increasing risks, mainly concerning fraudulent activities and cyberattacks. This paradigm shift in risks would require innovative solutions. This paper proposes an innovative architecture based on Distributed Ledger Technologies (Blockchain) and Triple Entry Accounting (X-Accounting). The proposed architecture focusing on new applications of payment and billing would improve accountability and compliance as well as security and reliability. Future research can extend this architecture to other energy technologies and systems like EMS/SCADA and associated applications.

This paper introduces a scheme for achieving trustworthy computing on SoCs that use an outsourced AXI interconnect for on-chip communication. This is achieved through component guarding, data tagging, event verification, and consequently responding dynamically to an attack. Experimental results confirm the ability of the proposed scheme to detect HT attacks and respond to them at run-time. The proposed scheme extends the state-of-art in trustworthy computing on untrustworthy components by focusing on the issue of an untrusted on-chip interconnect for the first time, and by developing a scheme that is independent of untrusted third-party IP.

The outsourcing of portions of the integrated circuit design chain, mainly fabrication, to untrusted parties has led to an increasing concern regarding the security of fabricated ICs. To mitigate these concerns a number of approaches have been developed, including logic locking. The development of different logic locking methods has influenced research looking at different security evaluations, typically aimed at uncovering a secret key. In this paper, we make the case that corruptibility for incorrect keys is an important metric of logic locking. To measure corruptibility for circuits too large to exhaustively simulate, we describe an ATPG-based method to measure the corruptibility of incorrect keys. Results from applying the method to various circuits demonstrate that this method is effective at measuring the corruptibility for different locks.

Multicore processors are currently the focus of new and future critical-system architectures. However, they introduce new problems in regards to safety and security requirements. Real-time control flow monitoring techniques were proposed as solutions to detect the most common types of program errors and security attacks. We propose a new way to use the latest debug and trace architectures to achieve full and isolated real-time control flow monitoring. We present an online trace decoder FPGA component as a solution in the search for scalable and portable monitoring architectures. Our FPGA accelerator achieves real-time CPU monitoring with only 8% of used resources in a Zynq-7000 FPGA.

Cybersecurity is becoming very crucial in the today's world where technology is now not limited to just computers, smartphones, etc. It is slowly entering into things that are used on daily basis like home appliances, automobiles, etc. Thus, opening a new door for people with wrong intent. With the increase in speed of technology dealing with such issues also requires quick response from security people. Thus, dealing with huge variety of devices quickly will require some extent of automation in this field. Generating threat intelligence automatically and also including those which are multilingual will also add plus point to prevent well known major attacks. Here we are proposing an AI based SOAR system in which the data from various sources like firewalls, IDS, etc. is collected with individual event profiling using a deep-learning detection method. For this the very first step is that the collected data from different sources will be converted into a standardized format i.e. to categorize the data collected from different sources. For standardized format Here our system finds out about the true positive alert for which the appropriate/ needful steps will be taken such as the generation of Indicators of Compromise report and the additional evidences with the help of Security Information and Event Management system. The security alerts will be notified to the security teams with the degree of threat.

Face recognition has been used widely for personal authentication. However, there is a problem that it is vulnerable to a presentation attack in which a counterfeit such as a photo is presented to a camera to impersonate another person. Although various presentation attack detection methods have been proposed, these methods have not been able to sufficiently cope with the diversity of the heterogeneous environments including presentation attack instruments (PAIs) and lighting conditions. In this paper, we propose Learning by Environment Clusters (LEC) which divides training data into some clusters of similar photographic environments and trains bona-fide and attack classification models for each cluster. Experimental results using Replay-Attack, OULU-NPU, and CelebA-Spoof show the EER of the conventional method which trains one classification model from all data was 20.0%, but LEC can achieve 13.8% EER when using binarized statistical image features (BSIFs) and support vector machine used as the classification method.

Mitigation of dangers posed by authorized and trusted insiders to the organization is a challenging Cyber Security issue. Despite state-of-the-art cyber security practices, malicious insiders present serious threat for the enterprises due to their wider access to organizational resources (Physical, Cyber) and good knowledge of internal processes with potential vulnerabilities. The issue becomes particularly important for isolated (air-gapped) computer networks, normally used by security sensitive organizations such as government, research and development, critical infrastructure (e.g. power, nuclear), finance, and military. Such facilities are difficult to compromise from outside; however, are quite much prone to insider threats. Although many insider threat taxonomies exist for generic computer networks; yet, the existing taxonomies do not effectively address the issue of Insider Threat in isolated computer networks. Thereby, we have developed an insider threat taxonomy specific to isolated computer networks focusing on actions performed by the trusted individual(s), Our methodology is to identify limitations in existing taxonomies and map real world insider threat cases on proposed taxonomy. We argue that for successful attack in an isolated computer network, the attack must manifest in both Physical and Cyber world. The proposed taxonomy systematically classifies different aspects of the problem into separate dimensions and branches out these dimensions into further sub-categories without loss of general applicability. Our multi-dimensional hierarchical taxonomy provides comprehensive treatment of the insider threat problem in isolated computer networks; thus, improving situational awareness of the security analyst and helps in determining proper countermeasures against perceived threats. Although many insider threat taxonomies exist for generic computer networks; yet, the existing taxonomies do not effectively address the issue of Insider Threat in isolated computer networks. Thereby, we have developed an insider threat taxonomy specific to isolated computer networks focusing on actions performed by the trusted individual(s), Our methodology is to identify limitations in existing taxonomies and map real world insider threat cases on proposed taxonomy. We argue that for successful attack in an isolated computer network, the attack must manifest in both Physical and Cyber world. The proposed taxonomy systematically classifies different aspects of the problem into separate dimensions and branches out these dimensions into further sub-categories without loss of general applicability. Our multi-dimensional hierarchical taxonomy provides comprehensive treatment of the insider threat problem in isolated computer networks; thus, improving situational awareness of the security analyst and helps in determining proper countermeasures against perceived threats. The proposed taxonomy systematically classifies different aspects of the problem into separate dimensions and branches out these dimensions into further sub-categories without loss of general applicability. Our multi-dimensional hierarchical taxonomy provides comprehensive treatment of the insider threat problem in isolated computer networks; thus, improving situational awareness of the security analyst and helps in determining proper countermeasures against perceived threats.

Advanced persistent threats targeting sensitive corporations, are becoming today stealthier and more complex, coordinating different attacks steps and lateral movements, and trying to stay undetected for long time. Classical security solutions that rely on signature-based detection can be easily thwarted by malware using obfuscation and encryption techniques. More recent solutions are using machine learning approaches for detecting outliers. Nevertheless, the majority of them reason on tabular unstructured data which can lead to missing obvious conclusions. We propose in this paper a novel approach that leverages a combination of both knowledge graphs and machine learning techniques to detect and predict attacks. Using Cyber Threat Intelligence (CTI), we built a knowledge graph that processes event logs in order to not only detect attack techniques, but also learn how to predict them.

In recent years, several trust management frame-works and models have been proposed for the Internet of Things (IoT). Focusing primarily on distributed trust management schemes; testing and validation of these models is still a challenging task. It requires the implementation of the proposed trust model for verification and validation of expected outcomes. Nevertheless, a stand-alone and standard IoT network simulator for testing of distributed trust management scheme is not yet available. In this paper, a .NET-based Distributed Trust Management Simulator for IoT Networks (DTMSim-IoT) is presented which enables the researcher to implement any static/dynamic trust management model to compute the trust value of a node. The trust computation will be calculated based on the direct-observation and trust value is updated after every transaction. Transaction history and logs of each event are maintained which can be viewed and exported as .csv file for future use. In addition to that, the simulator can also draw a graph based on the .csv file. Moreover, the simulator also offers to incorporate the feature of identification and mitigation of the On-Off Attack (OOA) in the IoT domain. Furthermore, after identifying any malicious activity by any node in the networks, the malevolent node is added to the malicious list and disseminated in the network to prevent potential On-Off attacks.

Physical layer authentication scheme for node authentication using the time-reversal (TR) process and the location-specific key feature of the channel impulse response (CIR) in an underwater time-varying multipath environment is proposed. TR is a well-known signal focusing technique in signal processing; this focusing effect is used by the database maintaining node to authenticate the sensor node by convolving the estimated CIR from a probe signal with its database of CIRs. Maximum time-reversal resonating strength (MTRRS) is calculated to make an authentication decision. This work considers a static underwater acoustic sensor network (UASN) under the “Alice- Bob-Eve” scenario. The performance of the proposed scheme is expressed by the Probability of Detection (PD) and the Probability of False Alarm (PFA).

The growth of IoT devices during the last decade has led to the development of smart ecosystems, such as smart homes, prone to cyberattacks. Traditional security methodologies support to some extend the requirement for preserving privacy and security of such deployments, but their centralized nature in conjunction with low computational capabilities of smart home gateways make such approaches not efficient. Last achievements on blockchain technologies allowed the use of such decentralized architectures to support cybersecurity defence mechanisms. In this work, a blockchain framework is presented to support the cybersecurity mechanisms of smart homes installations, focusing on the immutability of users and devices that constitute such environments. The proposed methodology provides also the appropriate smart contracts support for ensuring the integrity of the smart home gateway and IoT devices, as well as the dynamic and immutable management of blocked malicious IPs. The framework has been deployed on a real smart home environment demonstrating its applicability and efficiency.

The growing prevalence of Internet-of-Things (IoT) technology has led to an increase in the development of heterogeneous smart applications. Smart applications may involve a collaborative participation between IoT devices. Participation of IoT devices for specific application requires a tamper-proof identity to be generated and stored, in order to completely represent the device, as well as to eliminate the possibility of identity spoofing and presence of rogue devices in a network. In this paper, we present a composite Identity-of-Things (IDoT) approach on IoT devices with permissioned blockchain implementation for distributed identity management model. Our proposed approach considers both application and device domains in generating the composite identity. In addition, the use of permissioned blockchain for identity storage and verification allows the identity to be immutable. A simulation has been carried out to demonstrate the application of the proposed identity management model.

Security of cloud storage and sharing is concerned for years since a semi-trusted party, Cloud Server Provider (CSP), has access to user data on cloud server that may leak users' private data without constraint. Intuitively, an efficient solution of protecting cloud data is to encrypt it before uploading to the cloud server. However, a new requirement, data sharing, makes it difficult to manage secret keys among data owners and target users. Therefore conditional proxy broadcast re-encryption technology (CPBRE) is proposed in recent years to provide data encryption and sharing approaches for cloud environment. It enables a data owner to upload encrypted data to the cloud server and a third party proxy can re-encrypted cloud data under certain condition to a new ciphertext so that target users can decrypt re-encrypted data using their own private key. But few CPBRE schemes are applicable for a dynamic cloud environment. In this paper, we propose a new dynamic conditional proxy broadcast reencryption scheme that can be dynamic in system user setting and target user group. The initialization phase does not require a fixed system user setup so that users can join or leave the system in any time. And data owner can dynamically change the group of user he wants to share data with. We also provide security analysis which proves our scheme to be secure against CSP, and performance analysis shows that our scheme exceeds other schemes in terms of functionality and resource cost.

Recent advances in web technology have made in-browser crypto-mining a viable funding model. However, these services have been abused to launch large-scale cryptojacking attacks to secretly mine cryptocurrency in browsers. To detect them, various signature-based or runtime feature-based methods have been proposed. However, they can be imprecise or easily circumvented. To this end, we propose MinerRay, a generic scheme to detect malicious in-browser cryptominers. Instead of leveraging unreliable external patterns, MinerRay infers the essence of cryptomining behaviors that differentiate mining from common browser activities in both WebAssembly and JavaScript contexts. Additionally, to detect stealthy mining activities without user consents, MinerRay checks if the miner can only be instantiated from user actions. MinerRay was evaluated on over 1 million websites. It detected cryptominers on 901 websites, where 885 secretly start mining without user consent. Besides, we compared MinerRay with five state-of-the-art signature-based or behavior-based cryptominer detectors (MineSweeper, CMTracker, Outguard, No Coin, and minerBlock). We observed that emerging miners with new signatures or new services were detected by MinerRay but missed by others. The results show that our proposed technique is effective and robust in detecting evolving cryptominers, yielding more true positives, and fewer errors.

During the Cold War era, countries with asymmetrical relationships often demonstrated how lower-tier nation states required the alliance and support from top-tier nation states. This statement no longer stands true as country such as North Korea has exploited global financial institutions through various malware such as WANNACRY V0, V1, V2, evtsys.exe, and BRAMBUL WORM. Top tier nation states such as the U.S. are unable to use diplomatic clout or to retaliate against the deferrer. Our study examined the affidavit filed against the North Korean hacker, Park Jin Hyok, which was provided by the FBI. Our paper focuses on the operations and campaigns that were carried out by the Lazarus Group by focusing on the key factors of the infrastructure and artifacts. Due to the nature of the cyber deterrence, deterrence in the cyber realm is far complex than the nuclear deterrence. We focused on the Sony Picture Entertainment’s incident for our study. In this study, we discuss how cyber deterrence can be employed when different nation states share an asymmetrical relationship. Furthermore, we focus on contestability and attribution that is a key factor that makes cyber deterrence difficult.

To preserve anonymity and obfuscate their identity on online platforms users may morph their text and portray themselves as a different gender or demographic. Similarly, a chatbot may need to customize its communication style to improve engagement with its audience. This manner of changing the style of written text has gained significant attention in recent years. Yet these past research works largely cater to the transfer of single style attributes. The disadvantage of focusing on a single style alone is that this often results in target text where other existing style attributes behave unpredictably or are unfairly dominated by the new style. To counteract this behavior, it would be nice to have a style transfer mechanism that can transfer or control multiple styles simultaneously and fairly. Through such an approach, one could obtain obfuscated or written text incorporated with a desired degree of multiple soft styles such as female-quality, politeness, or formalness. To the best of our knowledge this work is the first that shows and attempt to solve the issues related to multiple style transfer. We also demonstrate that the transfer of multiple styles cannot be achieved by sequentially performing multiple single-style transfers. This is because each single style-transfer step often reverses or dominates over the style incorporated by a previous transfer step. We then propose a neural network architecture for fairly transferring multiple style attributes in a given text. We test our architecture on the Yelp dataset to demonstrate our superior performance as compared to existing one-style transfer steps performed in a sequence.

Summary form only given. In this presentation, several issues regarding operating system security will be investigated. The general problems of OS security are to be addressed. We also discuss why we should consider the security aspects of the OS, and when a secure OS is needed. We delve into the topic of secure OS design as well focusing on covert channel analysis. The specific operating systems under consideration include Windows and Android.