Biblio

This paper represents the experimental implementation of an encryption-based visible light communication system for indoor communication over 14m, two single LED transmitters as the data source, and four receivers considered as data receivers for performance evaluation.

The concept of usage control goes beyond traditional access control by regulating not only the retrieval but also the processing of data. To be able to remotely enforce usage control policy the processing party requires a trusted execution environ-ment such as Intel SGX which creates so-called enclaves. In this paper we introduce Multi Enclave based Code from Template (MECT), an SGX-based architecture for trusted remote policy enforcement. MECT uses a multi-enclave approach in which an enclave generation service dynamically generates enclaves from pre-defined code and dynamic policy parameters. This approach leads to a small trusted computing base and highly simplified attestation while preserving functionality benefits. Our proof of concept implementation consumes customisable code from templates. We compare the implementation with other architectures regarding the trusted computing base, flexibility, performance, and modularity. This comparison highlights the security benefits for remote attestation of MECT.

With rapid advancement of Smart Grid as well as Internet of Things (IoT), current power distribution communication network faces the challenges of satisfying the emerging data transmission requirements of ubiquitous secure coverage for distributed power services. This paper focuses on secure ubiquitous wireless communication solution for power distribution Internet of Things (PDİoT) in Smart Grid. Detailed secure ubiquitous wireless communication networking topology is presented, and integrated encryption and communication device is developed. The proposed solution supports several State Secret cryptographic algorithm including SM1/SM2/SM3/SM4 as well as forward and reverse isolation functions, thus achieving secure wireless communication for PDİoT services.

After the emergence of the cloud architecture, many companies migrate their data from conventional storage i.e., on bare metal to the cloud storage. Since then huge amount of data was stored on cloud servers, which later resulted in redundancy of huge amount of data. Hence in this cloud world, many data de-duplication techniques has been widely used. Not only the redundancy but also made data more secure and privacy of the existing data were also increased. Some techniques got limitations and some have their own advantages based on the requirements. Some of the attributes like data privacy, tag regularity and interruption to brute-force attacks. To make data deduplication technique more efficient based on the requirements. This paper will discuss schemes that brace user-defined access control, by allowing the service provider to get information of the information owners. Thus our scheme eliminates redundancy of the data without breaching the privacy and security of clients that depends on service providers. Our lastest deduplication scheme after performing various algorithms resulted in conclusion and producing more efficient data confidentiality and tag consistency. This paper has discussion on various techniques and their drawbacks for the effectiveness of the deduplication.

Cloud-based enterprise search services (e.g., AWS Kendra) have been entrancing big data owners by offering convenient and real-time search solutions to them. However, the problem is that individuals and organizations possessing confidential big data are hesitant to embrace such services due to valid data privacy concerns. In addition, to offer an intelligent search, these services access the user’s search history that further jeopardizes his/her privacy. To overcome the privacy problem, the main idea of this research is to separate the intelligence aspect of the search from its pattern matching aspect. According to this idea, the search intelligence is provided by an on-premises edge tier and the shared cloud tier only serves as an exhaustive pattern matching search utility. We propose Smartness at Edge (SAED mechanism that offers intelligence in the form of semantic and personalized search at the edge tier while maintaining privacy of the search on the cloud tier. At the edge tier, SAED uses a knowledge-based lexical database to expand the query and cover its semantics. SAED personalizes the search via an RNN model that can learn the user’s interest. A word embedding model is used to retrieve documents based on their semantic relevance to the search query. SAED is generic and can be plugged into existing enterprise search systems and enable them to offer intelligent and privacy-preserving search without enforcing any change on them. Evaluation results on two enterprise search systems under real settings and verified by human users demonstrate that SAED can improve the relevancy of the retrieved results by on average ≈24% for plain-text and ≈75% for encrypted generic datasets.

Underwater acoustic sensor networks (UASNs) have been receiving more and more attention due to their wide applications and the marine data collection is one of the important applications of UASNs. However, the openness and unreliability of underwater acoustic communication links and the easy capture of underwater wireless devices make UASNs vulnerable to various attacks. On the other hand, due to the limited resources of underwater acoustic network nodes, the high bit error rates, large and variable propagation delays, and low bandwidth of acoustic channels, many mature security mechanisms in terrestrial wireless sensor networks cannot be applied in the underwater environment [1]. In this paper, a secure communication protocol for marine data collection was proposed to ensure the confidentiality and data integrity of communication between under sensor nodes and the sink node in UASNs.

Underwater wireless optical communications are studied through single photon detection, photon states modulation and quantum key encryption. These studies will promote the development of optical communication applications in underwater vehicles and underwater sensor networks.

With the rapid development of e-commerce and the increasing popularity of credit cards, online transactions have become increasingly smooth and convenient. However, many online transactions suffer from credit card fraud, resulting in huge losses every year. Many financial organizations and e-commerce companies are devoted to developing advanced fraud detection algorithms. This paper presents an approach to detect fraud transactions using the IEEE-CIS Fraud Detection dataset provided by Kaggle. Our stacked model is based on Gradient Boosting, LightGBM, CatBoost, and Random Forest. Besides, implementing StackNet improves the classification accuracy significantly and provides expandability to the network architecture. Our final model achieved an AUC of 0.9578 for the training set and 0.9325 for the validation set, demonstrating excellent performance in classifying different transaction types.

Internet of things (IoT) healthcare devices, like other IoT devices, typically use proprietary protocol communications. Usually, these proprietary protocols are not audited and may present security flaws. Further, new proprietary protocols are desgined in the field of IoT devices, like data-over-sound communications. Data-over-sound is a new method of communication based on audio with increasing popularity due to its low hardware requirements. Only a speaker and a microphone are needed instead of the specific antennas required by Bluetooth or Wi-Fi protocols. In this paper, we analyze, audit and reverse engineer a modern IoT healthcare device used for performing electrocardiograms (ECG). The audited device is currently used in multiple hospitals and allows remote health monitoring of a patient with heart disease. For this auditing, we follow a black-box reverse-engineering approach and used STRIDE threat analysis methodology to assess all possible attacks. Following this methodology, we successfully reverse the proprietary data-over-sound protocol used by the IoT healthcare device and subsequently identified several vulnerabilities associated with the device. These vulnerabilities were analyzed through several experiments to classify and test them. We were able to successfully manipulate ECG results and fake heart illnesses. Furthermore, all attacks identified do not need any patient interaction, being this a transparent process which is difficult to detect. Finally, we suggest several short-term solutions, centred in the device isolation, as well as long-term solutions, centred in involved encryption capabilities.

Automatic dependent surveillance-broadcast (ADS- B) records provide an important basis and evidence for future route planning and accountability. However, due to the lack of effective support for the integrity and confidentiality of ADS-B, the air traffic control (ATC) system based on ADS-B faces serious security threats. Once the data is tampered with, it will cause immeasurable losses to society. The ADS-B data is arranged in chronological order, and the order-preserving encryption method allows users to directly search for ciphertexts by time. However, encryption alone does not guarantee the integrity of the data. The attacker can still destroy the integrity of the data by modifying the ciphertext. This paper proposes a secure ADS- B protection scheme that supports queries. We construct a dynamic order-preserving encryption (DOPE) scheme to achieve data confidentiality and sequential search of target data in the ciphertext. In addition, the scheme achieves fast integrity checking by calculating the unique verification label of the entire ciphertext, and supports blockless verification, which means that all data does not need to be transmitted during the audit phase. In the meanwhile, the auditor can verify the integrity of multiple ADS-B documents at once, which improves the computational efficiency of the audit. We analyze the integrity and security of the scheme and proved that DOPE is indistinguishable under an ordered chosen-plaintext attack (IND-OCPA). Furthermore, we conclude through performance analysis that the communication overhead is constant and computation overhead is logarithmic level. The proposed scheme is applicable to all data arranged in order, such as hospital records arranged by date and so on. At the same time, ADS-B can be used for urban vehicle monitoring and is a basic means to realize smart transportation.

To address the concerns posed by certain security attacks on communication protocol, this paper proposes a Quantum Key Exchange algorithm coupled with an encoding scheme based on Fermat Numbers and DNA sequences. The concept of Watson-Crick’s transformation of DNA sequences and random property of the Fermat Numbers is applied for protection of the communication system by means of dual encryption. The key generation procedure is governed by a quantum bit rotation mechanism. The total process is illustrated with an example. Also, security analysis of the encryption and decryption process is also discussed.

IT world is migrating towards utilizing cloud computing as an essential data storing and exchanging platform. With the amelioration of technology, a colossal amount of data is generating with time. Cloud computing provides an enormous data storage capacity with the flexibility of accessing it without the time and place restrictions with virtualized resources. Healthcare industries spawn intense amounts of data from various medical instruments and digital records of patients. To access data remotely from any geographical location, the healthcare industry is moving towards cloud computing. EHR and PHR are patient's digital records, which include sensitive information of patients. Apart from all the proficient service provided by cloud computing, security is a primary concern for various organizations. To address the security issue, several cryptographic techniques implemented by researchers worldwide. In this paper, a vigorous cryptographic method discussed which is implemented by combining DNA cryptography and Elliptic Curve Cryptography to protect sensitive data in the cloud.

With the explosive growth of IoT applications, billions of things are now connected via edge devices and a colossal volume of data is sent over the internet. Providing security to the user data becomes crucial. The rise in zero-day attacks are a challenge in IoT scenarios. With the large scale of IoT application detection and mitigation of such attacks by the network administrators is cumbersome. The edge device Raspberry pi is remotely logged using Secure Shell (SSH) protocol in 90% of the IoT applications. The case study of SSH brute force attack on the edge device Raspberry pi is demonstrated with experimentation in the IoT networking scenario using Intrusion Detection System (IDS). The IP crawlers available on the internet are used by the attacker to obtain the IP address of the edge device. The proposed system continuously monitors traffic, analysis the log of attack patterns, detects and mitigates SSH brute attack. An attack hijacks and wastes the system resources depriving the authorized users of the resources. With the proposed IDS, we observe 25% CPU conservation, 40% power conservation and 10% memory conservation in resource utilization, as the IDS, mitigates the attack and releases the resources blocked by the attacker.

This paper presents a secure reinforcement learning (RL) based control method for unknown linear time-invariant cyber-physical systems (CPSs) that are subjected to compositional attacks such as eavesdropping and covert attack. We consider the attack scenario where the attacker learns about the dynamic model during the exploration phase of the learning conducted by the designer to learn a linear quadratic regulator (LQR), and thereafter, use such information to conduct a covert attack on the dynamic system, which we refer to as doubly learning-based control and attack (DLCA) framework. We propose a dynamic camouflaging based attack-resilient reinforcement learning (ARRL) algorithm which can learn the desired optimal controller for the dynamic system, and at the same time, can inject sufficient misinformation in the estimation of system dynamics by the attacker. The algorithm is accompanied by theoretical guarantees and extensive numerical experiments on a consensus multi-agent system and on a benchmark power grid model.

This contribution provides the implementation of a holistic operational security assessment process for both steady-state security and dynamic stability. The merging of steady-state and dynamic security assessment as a sequential process is presented. A steady-state and dynamic modeling of a VSC-HVDC was performed including curative and stabilizing measures as remedial actions. The assessment process was validated by a case study on a modified version of the Nordic 32 system. Simulation results showed that measure selection based on purely steady-state contingency analysis can lead to loss of stability in time domain. A subsequent selection of measures on the basis of the dynamic security assessment was able to guarantee the operational security for the stationary N-1 scenario as well as the power system stability.

This paper studies the secure computation offloading for multi-user multi-server mobile edge computing (MEC)-enabled internet of things (IoT). A novel jamming signal scheme is designed to interfere with the decoding process at the Eve, but not impair the uplink task offloading from users to APs. Considering offloading latency and secrecy constraints, this paper studies the joint optimization of communication and computation resource allocation, as well as partial offloading ratio to maximize the total secrecy offloading data (TSOD) during the whole offloading process. The considered problem is nonconvex, and we resort to block coordinate descent (BCD) method to decompose it into three subproblems. An efficient iterative algorithm is proposed to achieve a locally optimal solution to power allocation subproblem. Then the optimal computation resource allocation and offloading ratio are derived in closed forms. Simulation results demonstrate that the proposed algorithm converges fast and achieves higher TSOD than some heuristics.

Skyline computation is an increasingly popular query, with broad applicability to many domains. Given the trend to outsource databases, and due to the sensitive nature of the data (e.g., in healthcare), it is essential to evaluate skylines on encrypted datasets. Research efforts acknowledged the importance of secure skyline computation, but existing solutions suffer from several shortcomings: (i) they only provide ad-hoc security; (ii) they are prohibitively expensive; or (iii) they rely on assumptions such as the presence of multiple non-colluding parties in the protocol. Inspired by solutions for secure nearest-neighbors, we conjecture that a secure and efficient way to compute skylines is through result materialization. However, materialization is much more challenging for skylines queries due to large space requirements. We show that pre-computing skyline results while minimizing storage overhead is NP-hard, and we provide heuristics that solve the problem more efficiently, while maintaining storage at reasonable levels. Our algorithms are novel and also applicable to regular skyline computation, but we focus on the encrypted setting where materialization reduces the response time of skyline queries from hours to seconds. Extensive experiments show that we clearly outperform existing work in terms of performance, and our security analysis proves that we obtain a small (and quantifiable) data leakage.

The security issue of complex network systems, such as communication systems and power grids, has attracted increasing attention due to cascading failure threats. Many existing studies have investigated the robustness of complex networks against cascading failure from an attacker's perspective. However, most of them focus on the synchronous attack in which the network components under attack are removed synchronously rather than in a sequential fashion. Most recent pioneering work on sequential attack designs the attack strategies based on simple heuristics like degree and load information, which may ignore the inside functions of nodes. In the paper, we exploit a reinforcement learning-based sequential attack method to investigate the impact of different nodes on cascading failure. Besides, a candidate pool strategy is proposed to improve the performance of the reinforcement learning method. Simulation results on Barabási-Albert scale-free networks and real-world networks have demonstrated the superiority and effectiveness of the proposed method.

In this paper we propose a security and cost aware scheduling heuristic for real-time workflow jobs that process Internet of Things (IoT) data with various security requirements. The environment under study is a four-tier architecture, consisting of IoT, mist, fog and cloud layers. The resources in the mist, fog and cloud tiers are considered to be heterogeneous. The proposed scheduling approach is compared to a baseline strategy, which is security aware, but not cost aware. The performance evaluation of both heuristics is conducted via simulation, under different values of security level probabilities for the initial IoT input data of the entry tasks of the workflow jobs.

Although many digital signature algorithms are available nowadays, the speed of signing and/or verifying a digital signature is crucial for different applications. Some algorithms are fast for signing but slow for verification, but others are the inverse. Research efforts for an algorithm being fast in both signing and verification is essential. The traditional GOST algorithm has the shortest signing time but longest verification time compared with other DSA algorithms. Hence an improvement in its signature verification time is sought in this work. A modified GOST digital signature algorithm variant is developed improve the signature verification speed by reducing the computation complexity as well as benefiting from its efficient signing speed. The obtained signature verification execution speed for this variant was 1.5 time faster than that for the original algorithm. Obviously, all parameters' values used, such as public and private key, random numbers, etc. for both signing and verification processes were the same. Hence, this algorithm variant will prove suitable for applications that require short time for both, signing and verification processes. Keywords— Discrete Algorithms, Authentication, Digital Signature Algorithms DSA, GOST, Data Integrity

In cyberspace, a digital signature is a mathematical technique that plays a significant role, especially in validating the authenticity of digital messages, emails, or documents. Furthermore, the digital signature mechanism allows the recipient to trust the authenticity of the received message that is coming from the said sender and that the message was not altered in transit. Moreover, a digital signature provides a solution to the problems of tampering and impersonation in digital communications. In a real-life example, it is equivalent to a handwritten signature or stamp seal, but it offers more security. This paper proposes a scheme to enable users to digitally sign their communications by validating their identity through users’ mobile devices. This is done by utilizing the user’s ambient Wi-Fi-enabled devices. Moreover, the proposed scheme depends on something that a user possesses (i.e., Wi-Fi-enabled devices), and something that is in the user’s environment (i.e., ambient Wi-Fi access points) where the validation process is implemented, in a way that requires no effort from users and removes the "weak link" from the validation process. The proposed scheme was experimentally examined.

In today's volatile environment, we have never been more reliant on a tightly knit supply chain (SC). Globalisation, mass manufacturing, and specialisation are now hallmarks of our integrated, industrialised world. Decision-makers rely heavily on accurate up-to-the-minute data. Even the tiniest interruption in data flow can have a huge effect on the quality of decision-making and performance. In the full interconnection paradigm, this dependency has inadvertently pushed device connectivity toward an Industrial Internet of Things (IIoT) approach. This has allowed the provision of 'added value resources' such as SC optimisation for Industry 4.0 (I4.0) or enhanced process controls. While system interconnectivity has increased, Internet of Things (IoT) and I4.0 SC protection measures have lagged behind. The root cause of this disparity is the existing mainstream security practices inherited from industrial networks and linking systems that neglect any specific security capability. This paper introduces the preliminary design of an I4.0 SC architecture that offers a complete protocol break about how exacting security functions could be implemented by isolation, a rigorous access control system, and surveillance to ensure the proposed architecture's end-to-end security to I4.0 SC.

Cyber-physical systems are subject to natural uncertainties and sensor noise that can be amplified/attenuated due to feedback. In this work, we want to leverage these properties in order to define the inherent differential privacy of feedback-control systems without the addition of an external differential privacy noise. If larger levels of privacy are required, we introduce a methodology to add an external differential privacy mechanism that injects the minimum amount of noise that is needed. On the other hand, we show how the combination of inherent and external noise affects system security in terms of the impact that integrity attacks can impose over the system while remaining undetected. We formulate a bilevel optimization problem to redesign the control parameters in order to minimize the attack impact for a desired level of inherent privacy.

CPS traffic characteristics is one of key techniques of Cyber-Physical Systems (CPS). A deep research of CPS network traffic characteristics can help to better plan and design CPS networks. A brief overview of the key concepts of CPS is firstly presented. Then CPS application scenarios are analyzed in details and classified. The characteristics of CPS traffic is analyzed theoretically for different CPS application scenarios. At last, the characteristics of CPS traffic is verified using NS-2 simulation.

Cyber-physical systems are particularly difficult to model and simulate because their components mix many different system modalities. In this paper we address the main technical challenges on system simulation taking into account by new characters of CPS, and provide a comprehensive view of the simulation modeling methods for integration of continuous-discrete model. Regards to UML and Simulink, two most widely accepted modeling methods in industrial designs, we study on three methods to perform the cooperation of these two kinds of heterogeneous models for co-simulation. The solution of an implementation of co-simulation method for CPS was designed under three levels architecture.