Biblio

Found 1171 results

Filters: First Letter Of Title is P
2020-03-09
Niu, Yukun, Tan, Xiaobin, Zhou, Zifei, Zheng, Jiangyu, Zhu, Jin.  2013.  Privacy Protection Scheme in Smart Grid Using Rechargeable Battery. Proceedings of the 32nd Chinese Control Conference. :8825–8830.

It can get the user's privacy and home energy use information by analyzing the user's electrical load information in smart grid, and this is an area of concern. A rechargeable battery may be used in the home network to protect user's privacy. In this paper, the battery can neither charge nor discharge, and the power of battery is adjustable, at the same time, we model the real user's electrical load information and the battery power information and the recorded electrical power of smart meters which are processed with discrete way. Then we put forward a heuristic algorithm which can make the rate of information leakage less than existing solutions. We use statistical methods to protect user's privacy, the theoretical analysis and the examples show that our solution makes the scene design more reasonable and is more effective than existing solutions to avoid the leakage of the privacy.

Ionescu, Tudor B., Engelbrecht, Gerhard.  2016.  The Privacy Case: Matching Privacy-Protection Goals to Human and Organizational Privacy Concerns. 2016 Joint Workshop on Cyber-Physical Security and Resilience in Smart Grids (CPSR-SG). :1–6.

Processing smart grid data for analytics purposes brings about a series of privacy-related risks. In order to allow for the most suitable mitigation strategies, reasonable privacy risks need to be addressed by taking into consideration the perspective of each smart grid stakeholder separately. In this context, we use the notion of privacy concerns to reflect potential privacy risks from the perspective of different smart grid stakeholders. Privacy concerns help to derive privacy goals, which we represent using the goals structuring notation. Thus represented goals can more comprehensibly be addressed through technical and non-technical strategies and solutions. The thread of argumentation - from concerns to goals to strategies and solutions - is presented in form of a privacy case, which is analogous to the safety case used in the automotive domain. We provide an exemplar privacy case for the smart grid developed as part of the Aspern Smart City Research project.

Sion, Laurens, Van Landuyt, Dimitri, Wuyts, Kim, Joosen, Wouter.  2019.  Privacy Risk Assessment for Data Subject-Aware Threat Modeling. 2019 IEEE Security and Privacy Workshops (SPW). :64–71.
Regulatory efforts such as the General Data Protection Regulation (GDPR) embody a notion of privacy risk that is centered around the fundamental rights of data subjects. This is, however, a fundamentally different notion of privacy risk than the one commonly used in threat modeling which is largely agnostic of involved data subjects. This mismatch hampers the applicability of privacy threat modeling approaches such as LINDDUN in a Data Protection by Design (DPbD) context. In this paper, we present a data subject-aware privacy risk assessment model in specific support of privacy threat modeling activities. This model allows the threat modeler to draw upon a more holistic understanding of privacy risk while assessing the relevance of specific privacy threats to the system under design. Additionally, we propose a number of improvements to privacy threat modeling, such as enriching Data Flow Diagram (DFD) system models with appropriate risk inputs (e.g., information on data types and involved data subjects). Incorporation of these risk inputs in DFDs, in combination with a risk estimation approach using Monte Carlo simulations, leads to a more comprehensive assessment of privacy risk. The proposed risk model has been integrated in threat modeling tool prototype and validated in the context of a realistic eHealth application.
2020-03-02
Swathi, P, Modi, Chirag, Patel, Dhiren.  2019.  Preventing Sybil Attack in Blockchain Using Distributed Behavior Monitoring of Miners. 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–6.

Blockchain technology is useful with the record keeping of digital transactions, IoT, supply chain management etc. However, we have observed that the traditional attacks are possible on blockchain due to lack of robust identity management. We found that Sybil attack can cause severe impact in public/permissionless blockchain, in which an attacker can subvert the blockchain by creating a large number of pseudonymous identities (i.e. Fake user accounts) and push legitimate entities in the minority. Such virtual nodes can act like genuine nodes to create disproportionately large influence on the network. This may lead to several other attacks like DoS, DDoS etc. In this paper, a Sybil attack is demonstrated on a blockchain test bed with its impact on the throughput of the system. We propose a solution directive, in which each node monitors the behavior of other nodes and checks for the nodes which are forwarding the blocks of only particular user. Such nodes are quickly identified, blacklisted and notified to other nodes, and thus the Sybil attack can be restricted. We analyze experimental results of the proposed solution.

Gupta, Diksha, Saia, Jared, Young, Maxwell.  2019.  Peace Through Superior Puzzling: An Asymmetric Sybil Defense. 2019 IEEE International Parallel and Distributed Processing Symposium (IPDPS). :1083–1094.

A common tool to defend against Sybil attacks is proof-of-work, whereby computational puzzles are used to limit the number of Sybil participants. Unfortunately, current Sybil defenses require significant computational effort to offset an attack. In particular, good participants must spend computationally at a rate that is proportional to the spending rate of an attacker. In this paper, we present the first Sybil defense algorithm which is asymmetric in the sense that good participants spend at a rate that is asymptotically less than an attacker. In particular, if T is the rate of the attacker's spending, and J is the rate of joining good participants, then our algorithm spends at a rate of $O(\sqrt{TJ} + J)$. We provide empirical evidence that our algorithm can be significantly more efficient than previous defenses under various attack scenarios. Additionally, we prove a lower bound showing that our algorithm's spending rate is asymptotically optimal among a large family of algorithms.

Hamadah, Siham, Aqel, Darah.  2019.  A Proposed Virtual Private Cloud-Based Disaster Recovery Strategy. 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT). :469–473.

Disaster is an unexpected event in a system lifetime, which can be made by nature or even human errors. Disaster recovery of information technology is an area of information security for protecting data against unsatisfactory events. It involves a set of procedures and tools for returning an organization to a state of normality after an occurrence of a disastrous event. So the organizations need to have a good plan in place for disaster recovery. There are many strategies for traditional disaster recovery and also for cloud-based disaster recovery. This paper focuses on using cloud-based disaster recovery strategies instead of the traditional techniques, since the cloud-based disaster recovery has proved its efficiency in providing the continuity of services faster and in less cost than the traditional ones. The paper introduces a proposed model for virtual private disaster recovery on cloud by using two metrics, which comprise a recovery time objective and a recovery point objective. The proposed model has been evaluated by experts in the field of information technology and the results show that the model has ensured the security and business continuity issues, as well as the faster recovery of a disaster that could face an organization. The paper also highlights the cloud computing services and illustrates the most benefits of cloud-based disaster recovery.

Wang, Qing, Wang, Zengfu, Guo, Jun, Tahchi, Elias, Wang, Xinyu, Moran, Bill, Zukerman, Moshe.  2019.  Path Planning of Submarine Cables. 2019 21st International Conference on Transparent Optical Networks (ICTON). :1–4.
Submarine optical-fiber cables are key components in the conveying of Internet data, and their failures have costly consequences. Currently, there are over a million km of such cables empowering the Internet. To carry the ever-growing Internet traffic, additional 100,000s of km of cables will be needed in the next few years. At an average cost of \$28,000 per km, this entails investments of billions of dollars. In current industry practice, cable paths are planned manually by experts. This paper surveys our recent work on cable path planning algorithms, where we use several methods to plan cable paths taking account of a range of cable risk factors in addition to cable costs. Two methods, namely, the fast marching method (FMM) and the Dijkstra's algorithm are applied here to long-haul cable path design in a new geographical region. A specific example is given to demonstrate the benefit of the FMM-based method in terms of the better path planning solutions over the Dijkstra's algorithm.
Illi, Elmehdi, Bouanani, Faissal El, da Costa, Daniel Benevides, Sofotasios, Paschalis C., Ayoub, Fouad, Mezher, Kahtan, Muhaidat, Sami.  2019.  On the Physical Layer Security of a Regenerative Relay-Based mixed RF/UOWC. 2019 International Conference on Advanced Communication Technologies and Networking (CommNet). :1–7.
This paper investigates the secrecy outage performance of a dual-hop decode-and-forward (DF) mixed radio-frequency/underwater optical wireless communication (RF/UOWC) system. We consider a one-antenna source node (S), communicating with one legitimate destination node (D) via a multi-antenna DF relay (R) node. In this context, the relay node receives the incoming signal from S via an RF link, which is subject to Rayleigh fading, then performs selection-combining (SC) followed by decoding and then re-encoding for transmission to the destination over a UOWC link, subject to mixture Exponential-Gamma fading. Under the assumption of eavesdroppers attempting to intercept the S-R (RF side), a closed-form expression for the secrecy outage probability is derived. Our analytical results are corroborated through computer simulations, which verifies their validity.
Illi, Elmehdi, Bouanani, Faissal El, Ayoub, Fouad.  2019.  Physical Layer Security of an Amplify-and-Forward Energy Harvesting-Based Mixed RF/UOW System. 2019 International Conference on Advanced Communication Technologies and Networking (CommNet). :1–8.
This paper investigates the secrecy outage performance of an energy harvesting-based dual-hop amplify-and-forward (AF) mixed radio-frequency/underwater optical wireless communication (RF/UOWC) system. A single-antenna source node (S) is considered, communicating with one legitimate destination node (D) with the aid of a multi-antenna AF relay (R) device. In this setup, the relay node receives the incoming signal from S via an RF link, which is subject to Nakagami-m fading, then performs maximal-ratio-combining (MRC) followed by a fixed-gain amplification, before transmitting it to the destination via a UOWC link, subject to mixture Exponential-Gamma fading. Assuming the presence of a malicious eavesdropper attempting to intercept the S-R hop, a tight approximate expression for the secrecy outage probability is retrieved. The derived results provide useful insights into the influence of key system parameters on the secrecy outage performance. Our analytical results are corroborated through computer simulations, which verifies their validity.
Sultana, Kazi Zakia, Chong, Tai-Yin.  2019.  A Proposed Approach to Build an Automated Software Security Assessment Framework using Mined Patterns and Metrics. 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). :176–181.

Software security is a major concern of the developers who intend to deliver a reliable software. Although there is research that focuses on vulnerability prediction and discovery, there is still a need for building security-specific metrics to measure software security and vulnerability-proneness quantitatively. The existing methods are either based on software metrics (defined on the physical characteristics of code; e.g. complexity or lines of code) which are not security-specific or some generic patterns known as nano-patterns (Java method-level traceable patterns that characterize a Java method or function). Other methods predict vulnerabilities using text mining approaches or graph algorithms which perform poorly in cross-project validation and fail to be a generalized prediction model for any system. In this paper, we envision to construct an automated framework that will assist developers to assess the security level of their code and guide them towards developing secure code. To accomplish this goal, we aim to refine and redefine the existing nano-patterns and software metrics to make them more security-centric so that they can be used for measuring the software security level of a source code (either file or function) with higher accuracy. In this paper, we present our visionary approach through a series of three consecutive studies where we (1) will study the challenges of the current software metrics and nano-patterns in vulnerability prediction, (2) will redefine and characterize the nano-patterns and software metrics so that they can capture security-specific properties of code and measure the security level quantitatively, and finally (3) will implement an automated framework for the developers to automatically extract the values of all the patterns and metrics for the given code segment and then flag the estimated security level as a feedback based on our research results. 
We accomplished some preliminary experiments and presented the results which indicate that our vision can be practically implemented and will have valuable implications in the community of software security.

Ullah, Rehmat, Ur Rehman, Muhammad Atif, Kim, Byung-Seo, Sonkoly, Balázs, Tapolcai, János.  2019.  On Pending Interest Table in Named Data Networking based Edge Computing: The Case of Mobile Augmented Reality. 2019 Eleventh International Conference on Ubiquitous and Future Networks (ICUFN). :263–265.
Future networks require fast information response time, scalable content distribution, security and mobility. In order to enable future Internet many key enabling technologies have been proposed such as Edge computing (EC) and Named Data Networking (NDN). In EC substantial compute and storage resources are placed at the edge of the network, in close proximity to end users. Similarly, NDN provides an alternative to traditional host centric IP architecture which seems a perfect candidate for distributed computation. Although NDN with EC seems a promising approach for enabling future Internet, it can cause various challenges such as expiry time of the Pending Interest Table (PIT) and non-trivial computation of the edge node. In this paper we discuss the expiry time and non-trivial computation in NDN based EC. We argue that if NDN is integrated in EC, then the PIT expiry time will be affected in relation with the processing time on the edge node. Our analysis shows that integrating NDN in EC without considering PIT expiry time may result in the degradation of network performance in terms of Interest Satisfaction Rate.
2020-02-26
Bikov, T. D., Iliev, T. B., Mihaylov, Gr. Y., Stoyanov, I. S..  2019.  Phishing in Depth – Modern Methods of Detection and Risk Mitigation. 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). :447–450.

Nowadays, everyone is living in a digital world with various virtual experiences and realities, but all of them may eventually cause real threats in our real world. Some of these threats have been born together with the first electronic mail service. Some of them might be considered as really basic and simple, compared to others that were developed and advanced in time to adapt themselves for the security defense mechanisms of the modern digital world. On a daily basis, more than 238.4 billion emails are sent worldwide, which makes more than 2.7 million emails per second, and these statistics are only from the publicly visible networks. Having that information and considering around 60% and above of all emails as threatening or not legitimate, is more than concerning. Unfortunately, even the modern security measures and systems are not capable of identifying and preventing all the fraudulent content that is created and distributed every day. In this paper we will cover the most common attack vectors, involving the already mass email infrastructures, the required countermeasures to minimize the impact over the corporate environments and what else should be developed to mitigate the modern sophisticated email attacks.

2020-02-24
Tahir, Faiza, Nasir, Samra, Khalid, Zainab.  2019.  Privacy-Preserving Authentication Protocol based on Hybrid Cryptography for VANETs. 2019 International Conference on Applied and Engineering Mathematics (ICAEM). :80–85.
The key concerns in VANET communication are the security and privacy of the vehicles involved, but at the same time an efficient way to provide non-repudiation in the ad-hoc network is an important requirement. Most schemes proposed are using public key infrastructure (PKI) or symmetric key encryption to achieve security in VANET; both individually lack in serving the required purpose of providing privacy preservation of the involved On-Board Units (OBUs) (while still being able to offer non-repudiation) and amount to very sizeable overheads in computation. This paper proposes a privacy-preserving authentication protocol that employs hybrid cryptography, using the best features of PKI and symmetric cryptography to form a protocol that is scalable, efficient and offers services of integrity, non-repudiation, conditional privacy, and unlinkability; while still keeping the computational overhead at a reasonable level. The performance and security analysis of this scheme is provided to support the propositions.
2020-02-17
Asadi, Nima, Rege, Aunshul, Obradovic, Zoran.  2019.  Pattern Discovery in Intrusion Chains and Adversarial Movement. 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA). :1–4.
Capturing the patterns in adversarial movement can present crucial insight into team dynamics and organization of cybercrimes. This information can be used for additional assessment and comparison of decision making approaches during cyberattacks. In this study, we propose a data-driven analysis based on time series analysis and social networks to identify patterns and alterations in time allocated to intrusion stages and adversarial movements. The results of this analysis on two case studies of collegiate cybersecurity exercises is provided as well as an analytical comparison of their behavioral trends and characteristics. This paper presents preliminary insight into complexities of individual and group level adversarial movement and decision-making as cyberattacks unfold.
Luntovskyy, Andriy, Globa, Larysa.  2019.  Performance, Reliability and Scalability for IoT. 2019 International Conference on Information and Digital Technologies (IDT). :316–321.
So-called IoT, based on use of enabling technologies like 5G, Wi-Fi, BT, NFC, RFID, IPv6 as well as being widely applied for sensor networks, robots, Wearable and Cyber-PHY, invades rapidly to our every day. There are a lot of apps and software platforms to IoT support. However, a most important problem of QoS optimization, which lays in Performance, Reliability and Scalability for IoT, is not yet solved. The extended Internet of the future needs these solutions based on the cooperation between fog and clouds with delegating of the analytics blocks via agents, adaptive interfaces and protocols. The next problem is as follows: IoT can generate large arrays of unmanaged, weakly-structured, and non-configured data of various types, known as "Big Data". The given paper deals with both problems. A special problem is Security and Privacy in potentially "dangerous" IoT scenarios. Anyway, this subject needs a special discussion for risks evaluation and cooperative intrusion detection. Some advanced approaches for optimization of Performance, Reliability and Scalability for IoT-solutions are offered within the paper. The paper discusses the Best Practises and Case Studies aimed to solution of the established problems.
Jolfaei, Alireza, Kant, Krishna.  2019.  Privacy and Security of Connected Vehicles in Intelligent Transportation System. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S). :9–10.
The paper considers data security and privacy issues in intelligent transportation systems which involve data streams coming out from individual vehicles to road side units. In this environment, there are issues in regards to the scalability of key management and computation limitations at the edge of the network. To address these issues, we suggest the formation of groups in the vehicular layer, where a group leader is assigned to communicate with group members and the road side unit. We propose a lightweight permutation mechanism for preserving the confidentiality and privacy of sensory data.
Arshad, Akashah, Hanapi, Zurina Mohd, Subramaniam, Shamala K., Latip, Rohaya.  2019.  Performance Evaluation of the Geographic Routing Protocols Scalability. 2019 International Conference on Information Networking (ICOIN). :396–398.
Scalability is an important design factor for evaluating the performance of routing protocols as the network size or traffic load increases. One of the most appropriate design methods is to use geographic routing approach to ensure scalability. This paper describes a scalability study comparing Secure Region Based Geographic Routing (SRBGR) and Dynamic Window Secure Implicit Geographic Forwarding (DWSIGF) protocols in various network density scenarios based on an end-to-end delay performance metric. The simulation studies were conducted in MATLAB 2106b where the network densities were varied according to the network topology size with increasing traffic rates. The results showed that DWSIGF has a lower end-to-end delay as compared to SRBGR for both sparse (15.4%) and high density (63.3%) network scenarios. Despite SRBGR having good security features, there is a need to improve the performance of its end-to-end delay to fulfil the application requirements.
Pandelea, Alexandru-Ionut, Chiroiu, Mihai-Daniel.  2019.  Password Guessing Using Machine Learning on Wearables. 2019 22nd International Conference on Control Systems and Computer Science (CSCS). :304–311.
Wearables are now ubiquitous items equipped with a multitude of sensors such as GPS, accelerometer, or Bluetooth. The raw data from these sensors are typically used in a health context. However, we can also use it for security purposes. In this paper, we present a solution that aims at using data from the sensors of a wearable device to identify the password a user is typing on a keyboard by using machine learning algorithms. Hence, the purpose is to determine whether a malicious third party application could extract sensitive data through the raw data that it has access to.
Prajanti, Anisa Dewi, Ramli, Kalamullah.  2019.  A Proposed Framework for Ranking Critical Information Assets in Information Security Risk Assessment Using the OCTAVE Allegro Method with Decision Support System Methods. 2019 34th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC). :1–4.
The security of an organization lies not only in physical buildings, but also in its information assets. Safeguarding information assets requires further study to establish optimal security mitigation steps. In determining the appropriate mitigation of information assets, both an information security risk assessment and a clear and measurable rating are required. Most risk management methods do not provide the right focus on ranking the critical information assets of an organization. This paper proposes a framework approach for ranking critical information assets. The proposed framework uses the OCTAVE Allegro method, which focuses on profiling information assets by combining ranking priority measurements using decision support system methods, such as Simple Additive Weighting (SAW) and Analytic Hierarchy Process (AHP). The combined OCTAVE Allegro-SAW and OCTAVE Allegro-AHP methods are expected to better address risk priority as an input to making mitigation decisions for critical information assets. These combinations will help management to avoid missteps in adjusting budget needs allocation or time duration by selecting asset information mitigation using the ranking results of the framework.
Ying, Huan, Ouyang, Xuan, Miao, Siwei, Cheng, Yushi.  2019.  Power Message Generation in Smart Grid via Generative Adversarial Network. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :790–793.
As the next generation of the power system, smart grid develops towards automated and intellectualized. Along with the benefits brought by smart grids, e.g., improved energy conversion rate, power utilization rate, and power supply quality, are the security challenges. One of the most important issues in smart grids is to ensure reliable communication between the secondary equipment. The state-of-art method to ensure smart grid security is to detect cyber attacks by deep learning. However, due to the small number of negative samples, the performance of the detection system is limited. In this paper, we propose a novel approach that utilizes the Generative Adversarial Network (GAN) to generate abundant negative samples, which helps to improve the performance of the state-of-art detection system. The evaluation results demonstrate that the proposed method can effectively improve the performance of the detection system by 4%.
2020-02-10
Selvi J., Anitha Gnana, kalavathy G., Maria.  2019.  Probing Image and Video Steganography Based On Discrete Wavelet and Discrete Cosine Transform. 2019 Fifth International Conference on Science Technology Engineering and Mathematics (ICONSTEM). 1:21–24.

Nowadays, video steganography has developed for a secured communication among various users. The two important factors of steganography method are embedding potency and embedding payload. Here, a Multiple Object Tracking (MOT) algorithmic programs used to detect motion object, also shows foreground mask. Discrete Wavelet Transform (DWT) and Discrete Cosine Transform (DCT) are used for message embedding and extraction stage. In existing system Least significant bit method was proposed. This technique of hiding data may lose some data after some file transformation. The suggested Multiple object tracking algorithm increases embedding and extraction speed, also protects secret message against various attackers.

Marin, Mădălina Angelica, Carabas, Costin, Deaconescu, Răzvan, Tăpus, Nicolae.  2019.  Proactive Secure Coding for iOS Applications. 2019 18th RoEduNet Conference: Networking in Education and Research (RoEduNet). :1–5.

In this paper we propose a solution to support iOS developers in creating better applications, to use static analysis to investigate source code and detect secure coding issues while simultaneously pointing out good practices and/or secure APIs they should use.

2020-02-05
Nathan Malkin, Serge Egelman, David Wagner.  2019.  Privacy Controls for Always-Listening Devices. New Security Paradigms Workshop (NSPW).

Intelligent voice assistants (IVAs) and other voice-enabled devices already form an integral component of the Internet of Things and will continue to grow in popularity. As their capabilities evolve, they will move beyond relying on the wake-words today’s IVAs use, engaging instead in continuous listening. Though potentially useful, the continuous recording and analysis of speech can pose a serious threat to individuals’ privacy. Ideally, users would be able to limit or control the types of information such devices have access to. But existing technical approaches are insufficient for enforcing any such restrictions. To begin formulating a solution, we develop a systematic methodology for studying continuous-listening applications and survey architectural approaches to designing a system that enhances privacy while preserving the benefits of always-listening assistants.

2020-01-27
Elrabaa, Muhammad E. S., Al-Asli, Mohamed A., Abu-Amara, Marwan H..  2019.  A Protection and Pay-per-Use Licensing Scheme for On-Cloud FPGA Circuit IPs. ACM Transactions on Reconfigurable Technology and Systems (TRETS). 12:13:1-13:19.

Using security primitives, a novel scheme for licensing hardware intellectual properties (HWIPs) on Field Programmable Gate Arrays (FPGAs) in public clouds is proposed. The proposed scheme enforces a pay-per-use model, allows HWIP's installation only on specific on-cloud FPGAs, and efficiently protects the HWIPs from being cloned, reverse engineered, or used without the owner's authorization by any party, including a cloud insider. It also provides protection for the users' designs integrated with the HWIP on the same FPGA. This enables cloud tenants to license HWIPs in the cloud from the HWIP vendors at a relatively low price based on usage instead of paying the expensive unlimited HWIP license fee. The scheme includes a protocol for FPGA authentication, HWIP secure decryption, and usage by the clients without the need for the HWIP vendor to be involved or divulge their secret keys. A complete prototype test-bed implementation showed that the proposed scheme is very feasible with relatively low resource utilization. Experiments also showed that a HWIP could be licensed and set up in the on-cloud FPGA in 0.9s. This is 15 times faster than setting up the same HWIP from outside the cloud, which takes about 14s based on the average global Internet speed.

Guan, Le, Cao, Chen, Zhu, Sencun, Lin, Jingqiang, Liu, Peng, Xia, Yubin, Luo, Bo.  2019.  Protecting mobile devices from physical memory attacks with targeted encryption. Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks. :34–44.
Sensitive data in a process could be scattered over the memory of a computer system for a prolonged period of time. Unfortunately, DRAM chips were proven insecure in previous studies. The problem becomes worse in the mobile environment, in which users' smartphones are easily lost or stolen. The powered-on phones may contain sensitive data in the vulnerable DRAM chips. In this paper, we propose MemVault, a mechanism to protect sensitive data in Android devices against physical memory attacks. MemVault keeps track of the propagation of well-marked sensitive data sources, and selectively encrypts tainted sensitive memory contents in the DRAM chip. When a tainted object is accessed, MemVault redirects the access to the internal RAM (iRAM), where the cipher-text object is decrypted transparently. iRAM is a system-on-chip (SoC) component which is by nature immune to physical memory exploits. We have implemented a MemVault prototype system, and have evaluated it with extensive experiments. Our results validate that MemVault effectively eliminates the occurrences of clear-text sensitive objects in DRAM chips, and imposes acceptable overheads.