Biblio

This paper presents an overhead analysis of the use of digital signature mechanisms in the Message Queue Telemetry Transport (MQTT) protocol for three classes of constrained-device. Because the resources provided by constrained-devices are very limited, the purpose of this overhead analysis is to help find out the advantages and disadvantages of each class of constrained-devices after a security mechanism has been applied, namely by applying a digital signature mechanism. The objective of using this digital signature mechanism is for providing integrity, that if the payload sent and received in its destination is still original and not changed during the transmission process. The overhead analysis aspects performed are including analyzing decryption time, signature verification performance, message delivery time, memory and flash usage in the three classes of constrained-device. Based on the overhead analysis result, it can be seen that for decryption time and signature verification performance, the Class-2 device is the fastest one. For message delivery time, the smallest time needed for receiving the payload is Class-l device. For memory usage, the Class-2 device is providing the biggest available memory and flash.

This paper describes a realisation of a ResNet face recognition method through Zigbee-based wireless protocol. The system uses a CC2530 Zigbee-based radio frequency chip with connected VC0706 camera on it. The Arduino Nano had been used for organisation of data compression and effective division of Zigbee packets. The proposed solution also simplifies a data transmission within a strict bandwidth of Zigbee protocol and reliable packet forwarding in case of frequency distortion. The following investigation model uses Raspberry Pi 3 with connected Zigbee End Device (ZED) for successful receiving of important images and acceleration of deep learning interfaces. The model is integrated into a smart security system based on Zigbee modules, MySQL database, Android application and works in the background by using daemons procedures. To protect data, all wireless connections had been encrypted by the 128-bit Advanced Encryption Standard (AES-128) algorithm. Experimental results show a possibility to implement complex systems under restricted requirements of available transmission protocols.

As a collection of innovative technologies, blockchain has solved the problem of reliable transmission and exchange of information on untrusted networks. The underlying implementation is the basis for the reliability of blockchain, which consists of various cryptographic algorithms for the use of identity authentication and privacy protection of distributed ledgers. The cryptographic algorithm plays a vital role in the blockchain, which guarantees the confidentiality, integrity, verifiability and non-repudiation of the blockchain. In order to get the most suitable cryptographic algorithm for the blockchain system, this paper proposed a method using Fuzzy Analytic Hierarchy Process (FAHP) to evaluate and score the comprehensive performance of the three types of cryptographic algorithms applied in the blockchain, including symmetric cryptographic algorithms, asymmetric cryptographic algorithms and hash algorithms. This paper weighs the performance differences of cryptographic algorithms considering the aspects of security, operational efficiency, language and hardware support and resource consumption. Finally, three cryptographic algorithms are selected that are considered to be the most suitable ones for block-chain systems, namely ECDSA, sha256 and AES. This result is also consistent with the most commonly used cryptographic algorithms in the current blockchain development direction. Therefore, the reliability and practicability of the algorithm evaluation pro-posed in this paper has been proved.

An image forgery method called Deepfakes can cause security and privacy issues by changing the identity of a person in a photo through the replacement of his/her face with a computer-generated image or another person's face. Therefore, a new challenge of detecting Deepfakes arises to protect individuals from potential misuses. Many researchers have proposed various binary-classification based detection approaches to detect deepfakes. However, binary-classification based methods generally require a large amount of both real and fake face images for training, and it is challenging to collect sufficient fake images data in advance. Besides, when new deepfakes generation methods are introduced, little deepfakes data will be available, and the detection performance may be mediocre. To overcome these data scarcity limitations, we formulate deepfakes detection as a one-class anomaly detection problem. We propose OC-FakeDect, which uses a one-class Variational Autoencoder (VAE) to train only on real face images and detects non-real images such as deepfakes by treating them as anomalies. Our preliminary result shows that our one class-based approach can be promising when detecting Deepfakes, achieving a 97.5% accuracy on the NeuralTextures data of the well-known FaceForensics++ benchmark dataset without using any fake images for the training process.

In Robotics Operating System Process correspondence is the instrument given by the working framework that enables procedures to speak with one another Message passing model enables different procedures to peruse and compose information to the message line without being associated with one another, messages going between Robots. ROS is intended to be an inexactly coupled framework where a procedure is known as a hub and each hub ought to be answerable for one assignment. In the military application robots will go to go about as an officer and going ensure nation. In the referenced idea robot solider will give the message passing idea then the officers will go caution and start assaulting on the foes.

Autonomous technologies have been rapidly replacing the traditional manual intervention nearly in every aspect of our life. These technologies essentially require robots to carry out their automated processes. Nowadays, with the emergence of industry 4.0, robots are increasingly being remote-controlled via client-server connection, which creates uncommon vulnerabilities that allow attackers to target those robots. The development of an open source operational environment for robots, known as Robot Operating System (ROS) has come as a response to these demands. Security and privacy are crucial for the use of ROS as the chance of a compromise may lead to devastating ramifications. In this paper, an overview of ROS and the attacks targeting it are detailed and discussed. Followed by a review of the ROS security and digital investigation studies.

Given a selected complex orthogonal space-time block code (STBC), transformation algorithms are provided to build a set, S, of unique orthogonal STBCs with cardinality equal to \textbackslashtextbarS\textbackslashtextbar = 2r+c+k-1·r!·c!, where r, c, and k are the number of rows, columns, and data symbols in the STBC matrix, respectively. A communications link is discussed that encodes data symbols with a chosen STBC from the set known only to the transmitter and intended receiver as a means of providing physical layer security (PLS). Expected bit error rate (BER) and informationtheoretic results for an eavesdropper with a priori knowledge of the communications link parameters with the exception of the chosen STBC are presented. Monte Carlo simulations are provided to confirm the possible BER results expected when decoding the communications link with alternative STBCs from the set. Application of the transformation algorithms provided herein are shown to significantly increase the brute force decoding complexity of an eavesdropper compared to a related work in the literature.

Attacks by Jamming on wireless communication network can provoke Denial of Services. According to the communication system which is affected, the consequences can be more or less critical. In this paper, we propose to develop an algorithm which could be implemented at the reception stage of a communication terminal in order to detect the presence of jamming signals. The work is performed on Wi-Fi communication signals and demonstrates the necessity to have a specific signal processing at the reception stage to be able to detect the presence of jamming signals.

Selecting the best path in multi-path heterogeneous networks is challenging. Multi-path TCP uses by default a scheduler that selects the path with the minimum round trip time (minRTT). A well-known problem is head-of-line blocking at the receiver when packets arrive out of order on different paths. We shed light on another issue that occurs if scheduling have to deal with deep queues in the network. First, we highlight the relevance by a real-world experiment in cellular networks that often deploy deep queues. Second, we elaborate on the issues with minRTT scheduling and deep queues in a simplified network to illustrate the root causes; namely the interaction of the minRTT scheduler and loss-based congestion control that causes extensive bufferbloat at network elements and distorts RTT measurement. This results in extraordinary large buffer sizes for full utilization. Finally, we discuss mitigation techniques and show how alternative congestion control algorithms mitigate the effect.

With the rapid progression of Information and Communication Technology (ICT) and especially of Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers such as the two-way communication (both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator timely about the possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation.

The security threats to mobile applications are growing explosively. Mobile apps flaws and security defects open doors for hackers to break in and access sensitive information. Defensive requirements analysis should be an integral part of secure mobile SDLC. Developers need to consider the information confidentiality and data integrity, to verify the security early in the development lifecycle rather than fixing the security holes after attacking and data leaks take place. Early eliminating known security vulnerabilities will help developers increase the security of apps and reduce the likelihood of exploitation. However, many software developers lack the necessary security knowledge and skills at the development stage, and that's why Secure Mobile Software Development education is very necessary for mobile software engineers. In this paper, we propose a guided security requirement analysis based on OWASP Mobile Top ten security risk recommendations for Android mobile software development and its traceability of the developmental controls in SDLC. Building secure apps immune to the OWASP Mobile Top ten risks would be an effective approach to provide very useful mobile security guidelines.

Several assessment techniques and methodologies exist to analyze the security of an application dynamically. However, they either are focused on a particular product or are mainly concerned about the assessment process rather than the product's security confidence. Most crucially, they tend to assess the security of a target application as a standalone artifact without assessing its host infrastructure. Such attempts can undervalue the overall security posture since the infrastructure becomes crucial when it hosts a critical application. We present an ontology-based security model that aims to provide the necessary knowledge, including network settings, application configurations, testing techniques and tools, and security metrics to evaluate the security aptitude of a critical application in the context of its hosting infrastructure. The objective is to integrate the current good practices and standards in security testing and virtualization to furnish an on-demand and test-ready virtual target infrastructure to execute the critical application and to initiate a context-aware and quantifiable security assessment process in an automated manner. Furthermore, we present a security assessment architecture to reflect on how the ontology can be integrated into a standard process.

The globalization of supply chain makes semiconductor chips susceptible to various security threats. Design obfuscation techniques have been widely investigated to thwart intellectual property (IP) piracy attacks. Key distribution among IP providers, system integration team, and end users remains as a challenging problem. This work proposes an orthogonal obfuscation method, which utilizes an orthogonal matrix to authenticate obfuscation keys, rather than directly examining each activation key. The proposed method hides the keys by using an orthogonal obfuscation algorithm to increasing the key retrieval time, such that the primary keys for IP cores will not be leaked. The simulation results show that the proposed method reduces the key retrieval time by 36.3% over the baseline. The proposed obfuscation methods have been successfully applied to ISCAS'89 benchmark circuits. Experimental results indicate that the orthogonal obfuscation only increases the area by 3.4% and consumes 4.7% more power than the baseline1.

Recognising user behaviour in real time is an important element of providing appropriate information and help to take suitable action or decision regarding cybersecurity threats. A user's security behaviour profile is a set of structured data and information to describe a user in an interactive environment between the user and computer. The first step for behaviour profiling is user behaviour model development including data collection. The data collection should be transparent as much as possible with minimum user interaction. Monitoring individual actions to obtain labelled training data is less costly and more effective in creating a behaviour profile. The most challenging issue in computer user security can be identifying suitable data. This research aims to determine required observation measures to capture user-system interactions to understand user's behaviour and create a user profile for cybersecurity purposes.

Dynamic network security services have been proposed exploiting the benefits of Software Defined Networking (SDN) and Network Functions Virtualization (NFV) technologies. However, many of these services rely on controller interaction, which presents a performance and scalability challenge, and a threat vector. To overcome the performance issue, stateful data-plane designs have been proposed. Unfortunately, these solutions do not offer protection from attacks that exploit the SDN implementation of network functions such as topology and path update, or services such as the Address Resolution Protocol (ARP). In this work, we propose state-based SDN security protection mechanisms. Our stateful security data plane solution, OFMTL-SEC, is designed to provide protection against attacks on SDN and traditional network services. Specifically, we present a novel data plane protection against configuration-based attacks in SDN and against ARP spoofing. OFMTL-SEC is compared with the state-of-the-art solutions and offers increased security to SDNs with negligible performance impact.

The distribution of video contents generated by Content Providers (CPs) significantly contributes to increase the congestion within the networks of Internet Service Providers (ISPs). To alleviate this problem, CPs can serve a portion of their catalogues to the end users directly from servers (i.e., the caches) located inside the ISP network. Users served from caches perceive an increased QoS (e.g., average retrieval latency is reduced) and, for this reason, caching can be considered a form of traffic prioritization. Hence, since the storage of caches is limited, its subdivision among several CPs may lead to discrimination. A static subdivision that assignes to each CP the same portion of storage is a neutral but ineffective appraoch, because it does not consider the different popularities of the CPs' contents. A more effective strategy consists in dividing the cache among the CPs proportionally to the popularity of their contents. However, CPs consider this information sensitive and are reluctant to disclose it. In this work, we propose a protocol based on Shamir Secret Sharing (SSS) scheme that allows the ISP to calculate the portion of cache storage that a CP is entitled to receive while guaranteeing network neutrality and resource efficiency, but without violating its privacy. The protocol is executed by the ISP, the CPs and a Regulator Authority (RA) that guarantees the actual enforcement of a fair subdivision of the cache storage and the preservation of privacy. We perform extensive simulations and prove that our approach leads to higher hit-rates (i.e., percentage of requests served by the cache) with respect to the static one. The advantages are particularly significant when the cache storage is limited.

This work studies the optimization of spectrum pooling for the downlink of a multi-tenant Cloud Radio Access Network (C-RAN) system in the presence of inter-tenant privacy constraints. The spectrum available for downlink transmission is partitioned into private and shared subbands, and the participating operators cooperate to serve the user equipments (UEs) on the shared subband. The network of each operator consists of a cloud processor (CP) that is connected to proprietary radio units (RUs) by means of finite-capacity fronthaul links. In order to enable inter-operator cooperation, the CPs of the participating operators are also connected by finite-capacity backhaul links. Inter-operator cooperation may hence result in loss of privacy. The problem of optimizing the bandwidth allocation, precoding, and fronthaul/backhaul compression strategies is tackled under constraints on backhaul and fronthaul capacity, as well as on per-RU transmit power and inter-onerator privacy.

The confinement of light in three dimensions (3D) is an active research topic in Nanophotonics, since it allows for ultimate control over photons [1]. A powerful tool to this end is a 3D photonic band gap crystal with a tailored defect that acts as a cavity or even a waveguide [2]. When a one-dimensional array of cavities is coupled, an intricate waveguiding system appears, known as a CROW (coupled resonator optical waveguide) [3]. Remarkably, 3D superlattices of coupled cavities that resonate inside a 3D band gap have not been studied to date. Recently, theoretical work has predicted the occurrence of "Cartesian light", wherein light propagates by hopping only in high symmetry directions in space [4]. This represents the optical analog of the Anderson model for spins or electrons that is relevant for neuromorphic computing and may lead to intricate lasing [5].

A Unique Object (UNO) is a physical object with unique characteristics that can be measured externally. The usually analogue measurement can be converted into a digital representation - a fingerprint - which uniquely identifies the object. For practical applications it is necessary that measurements can be performed without the need of specialist equipment or complex measurement setup. Furthermore, a UNO should be able to defeat simulation attacks; an attacker may replace the UNO with a device or system that produces the expected measurement. Recently a novel type of UNOs based on Quantum Dots (QDs) and exhibiting unique photo-luminescence properties has been proposed. The uniqueness of these UNOs is based on quantum effects that can be interrogated using a light source and a camera. The so called Quantum Confinement UNO (QCUNO) responds uniquely to different light excitation levels which is exploited for simulation attack protection, as opposed to focusing on features too small to reproduce and therefore difficult to measure. In this paper we describe methods for extraction of fingerprints from the QCUNO. We evaluate our proposed methods using 46 UNOs in a controlled setup. Focus of the evaluation are entropy, error resilience and the ability to detect simulation attacks.

IoT based technology are drastically accelerating the informationization development of the power grid system of China that consists of a huge number of power terminal devices interconnected by the network of electric power IoT. However, the networked power terminal equipment oriented cyberspace security has continually become a challenging problem as network attack is continually varying and evolving. In this paper, we concentrate on the security risk of power terminal equipment and their vulnerability based on ATP attack detection and defense. We first analyze the attack mechanism of APT security attack based on power terminal equipment. Based on the analysis of the security and attack of power IoT terminal device, an ontology-based knowledge representation method of power terminal device and its vulnerability is proposed.

Anonymous Communication (AC) hides traffic patterns and protects message metadata from being leaked during message transmission. Many practical AC systems have been proposed aiming to reduce communication latency and support a large number of users. However, how to design AC systems which possess strong security property and at the same time achieve optimal performance (i.e., the lowest latency or highest horizontal scalability) has been a challenging problem. In this paper, we propose an ObliComm framework, which consists of six modular AC subroutines. We also present a strong security definition for AC, named oblivious communication, encompassing confidentiality, unobservability, and a new requirement sending-and-receiving operation hiding. The AC subroutines in ObliComm allow for modular construction of oblivious communication systems in different network topologies. All constructed systems satisfy oblivious communication definition and can be provably secure in the universal composability (UC) framework. Additionally, we model the relationship between the network topology and communication measurements by queuing theory, which enables the system's efficiency can be optimized and estimated by quantitative analysis and calculation. Through theoretical analyses and empirical experiments, we demonstrate the efficiency of our scheme and soundness of the queuing model.

Over the last decade, a technology called Internet of Things (IoT) has been evolving at a rapid pace. It enables the development of endless applications in view of availability of affordable components which provide smart ecosystems. The IoT devices are constrained devices which are connected to the internet and perform sensing tasks. Each device is identified by their unique address and also makes use of the Constrained Application Protocol (CoAP) as one of the main web transfer protocols. It is an application layer protocol which does not maintain secure channels to transfer information. For authentication and end-to-end security, Datagram Transport Layer Security (DTLS) is one of the possible approaches to boost the security aspect of CoAP, in addition to which there are many suggested ways to protect the transmission of sensitive information. CoAP uses DTLS as a secure protocol and UDP as a transfer protocol. Therefore, the attacks on UDP or DTLS could be assigned as a CoAP attack. An attack on DTLS could possibly be launched in a single session and a strong authentication mechanism is needed. Man-In-The-Middle attack is one the peak security issues in CoAP as cited by Request For Comments(RFC) 7252, which encompasses attacks like Sniffing, Spoofing, Denial of Service (DoS), Hijacking, Cross-Protocol attacks and other attacks including Replay attacks and Relay attacks. In this work, a client-server architecture is setup, whose end devices communicate using CoAP. Also, a proxy system was installed across the client side to launch an active interception between the client and the server. The work will further be enhanced to provide solutions to mitigate these attacks.

With the gradual progress of cloud computing, big data, network virtualization and other network technology. The traditional network architecture can no longer support this huge business. At this time, the clean slate team defined a new network architecture, SDN (Software Defined Network). It has brought about tremendous changes in the development of today's networks. The controller sends the flow table down to the switch, and the data flow is forwarded through matching flow table items. However, the current flow table resources of the SDN switch are very limited. Therefore, this paper studies the technology of the latest SDN Flow table optimization at home and abroad, proposes an efficient optimization scheme of Flow table item on the betweenness centrality through the main road selection algorithm, and realizes related applications by setting up experimental topology. Experiments show that this scheme can greatly reduce the number of flow table items of switches, especially the more hosts there are in the topology, the more obvious the experimental effect is. And the experiment proves that the optimization success rate is over 80%.

BLE is used to transmit and receive data between sensors and devices. Most of the IOT devices employ BLE for wireless communication because it suits their requirements such as less energy constraints. The major security vulnerabilities in BLE protocol can be used by attacker to perform MITM attacks and hence violating confidentiality and integrity of data. Although BLE 4.2 prevents most of the attacks by employing elliptic-curve diffie-Hellman to generate LTK and encrypt the data, still there are many devices in the market that are using BLE 4.0, 4.1 which are vulnerable to attacks. This paper shows the simple demonstration of possible attacks on BLE devices that use various existing tools to perform spoofing, MITM and firmware attacks. We also discussed the security, privacy and its importance in BLE devices.

Mobile crowd sensing (MCS) is a rapidly developing technique for information collection from the users of mobile devices. This technique deals with participants' personal information such as their identities and locations, thus raising significant security and privacy concerns. Accordingly, anonymous authentication schemes have been widely considered for preserving participants' privacy in MCS. However, mobile devices are easy to lose and vulnerable to device capture attacks, which enables an attacker to extract the private authentication key of a mobile application and to further invade the user's privacy by linking sensed data with the user's identity. To address this issue, we have devised a special anonymous authentication scheme where the authentication request algorithm can be obfuscated into an unintelligible form and thus the authentication key is not explicitly used. This scheme not only achieves authenticity and unlinkability for participants, but also resists impersonation, replay, denial-of-service, man-in-the-middle, collusion, and insider attacks. The scheme's obfuscation algorithm is the first obfuscator for anonymous authentication, and it satisfies the average-case secure virtual black-box property. The scheme also supports batch verification of authentication requests for improving efficiency. Performance evaluations on a workstation and smart phones have indicated that our scheme works efficiently on various devices.