Biblio

This paper presents a self-securing decentralized on-chip network interface (NI) architecture to Multicore System-on-Chip (McSoC) platforms. To protect intra-chip communication within McSoC, security framework proposal resides in initiator and target NIs. A comparison between block cipher and lightweight cryptographic algorithms is then given, so we can figure out the most suitable cipher for network-on-chip (NoC) architectures. AES and LED security algorithms was a subject of this comparison. The designs are developed in Xilinx ISE 14.7 tool using VHDL language.

Multicast on-chip communication is encountered in various cache-coherence protocols targeting multi-core processors, and its pervasiveness is increasing due to the proliferation of machine learning accelerators. In-network handling of multicast traffic imposes additional switching-level restrictions to guarantee deadlock freedom, while it stresses the allocation efficiency of Network-on-Chip (NoC) routers. In this work, we propose a novel NoC router microarchitecture, called SmartFork, which employs a versatile and cost-efficient multicast packet replication scheme that allows the design of high-throughput and low-cost NoCs. The design is adapted to the average branch splitting observed in real-world multicast routing algorithms. Compared to state-of-the-art NoC multicast approaches, SmartFork is demonstrated to yield higher performance in terms of latency and throughput, while still offering a cost-effective implementation.

Network-on-chip (NoC) has become the standard communication fabric for on-chip components in modern System-on-chip (SoC) designs. Since NoC has visibility to all communications in the SoC, it has been one of the primary targets for security attacks. While packet encryption can provide secure communication, it can introduce unacceptable energy and performance overhead due to the resource-constrained nature of SoC designs. In this paper, we propose a lightweight encryption scheme that is implemented on the network interface. Our approach improves the performance of encryption without compromising security using incremental cryptography, which exploits the unique NoC traffic characteristics. Experimental results demonstrate that our proposed approach significantly (up to 57%, 30% on average) reduces the encryption time compared to traditional approaches with negligible (less than 2%) impact on area overhead.

The Classification of devices involved in authentication and classification of authentication systems by type and combination of protocols used are proposed. The system architecture for soft multi-factor authentication designed and simulated.

Fog Computing paradigm extends the cloud computing to the edge of the network to resolve the problem of latency but this introduces new security and privacy issues. So, it is necessary that a user must be authenticated before initiating data exchange in order to preserve the integrity. Secondly, in fog computing, fog node must also be authorized for ensuring the proper behaviour of fog node and validate that the fog node is not corrupted. Hence, we proposed a mutual authentication scheme which verifies both the fog node and the end user before the transfer of data. Traditional authentication protocol uses digital certificate and digital signature which faces the problem of scalability and more complexity respectively. So, in the proposed architecture, the problem of scalability and complexity is reduced to a greater extent compared to traditional authentication techniques. The proposed scheme also ensures multi-factor authentication of the user before sending the data and it is way too efficient.

A large amount of malware families use the domain generation algorithms (DGA) to randomly generate a large amount of domain names. It is a good way to bypass conventional blacklists of domain names, because we cannot predict which of the randomly generated domain names are selected for command and control (C&C) communications. An effective approach for detecting known DGA families is to investigate the malware with reverse engineering to find the adopted generation algorithms. As reverse engineering cannot handle the variants of DGA families, some researches leverage supervised learning to find new variants. However, the explainability of supervised learning is low and cannot find previously unseen DGA families. In this paper, we propose a graph-based semi-supervised learning scheme to track the evolution of known DGA families and find previously unseen DGA families. With a domain relation graph, we can clearly figure out how new variants relate to known DGA domain names, which induces better explainability. We deployed the proposed scheme on real network scenarios and show that the proposed scheme can not only comprehensively and precisely find known DGA families, but also can find new DGA families which have not seen before.

Digitalization of production and management as the imperatives of Industry 4.0 stipulated the requirements of state regulators for informing and training personnel of a significant object of critical information infrastructure. However, the attention of industrial enterprises to this problem is assessed as insufficient. This determines the relevance and purpose of this article - to develop a methodology and tool for raising the awareness of workers of an industrial enterprise about information security (IS) of significant objects of critical information infrastructure. The article reveals the features of training at industrial enterprises associated with a high level of development of safety and labor protection systems. Traditional and innovative methods and means of training personnel at the workplace within the framework of these systems and their opportunities for training in the field of information security are shown. The specificity of the content and forms of training employees on the security of critical information infrastructure has been substantiated. The scientific novelty of the study consists in the development of methods and software applications that can perform the functions of identifying personal qualities of employees; testing the input level of their knowledge in the field of IS; testing for knowledge of IS rules (by the example of a response to socio-engineering attacks); planning an individual thematic plan for employee training; automatic creation of a modular program and its content; automatic notification of the employee about the training schedule at the workplace; organization of training according to the schedule; control self-testing and testing the level of knowledge of the employee after training; organizing a survey to determine satisfaction with employee training. The practical significance of the work lies in the possibility of implementing the developed software application in industrial enterprises, which is confirmed by the successful results of its testing.

In a previous article [1] we proposed a layered framework to support the assessment of the security risks associated with the use of autonomous vehicles in military operations and determine how to manage these risks appropriately. We established consistent terminology and defined the problem space, while exploring the first layer of the framework, namely risks from the mission assurance perspective. In this paper, we develop the second layer of the framework. This layer focuses on the risk assessment of the vehicles themselves and on producing a highlevel security design adequate for the mission defined in the first layer. To support this process, we also define a reference model for autonomous vehicles to use as a common basis for the assessment of risks and the design of the security controls.

The accelerated growth of computing technologies has provided interdisciplinary teams a platform for producing innovative research at an unprecedented speed. Advanced scientific cyberinfrastructures, in particular, provide data storage, applications, software, and other resources to facilitate the development of critical scientific discoveries. Users of these environments often rely on custom developed virtual machine (VM) images that are comprised of a diverse array of open source applications. These can include vulnerabilities undetectable by conventional vulnerability scanners. This research aims to identify the installed applications, their vulnerabilities, and how they vary across images in scientific cyberinfrastructure. We propose a novel unsupervised graph embedding framework that captures relationships between applications, as well as vulnerabilities identified on corresponding GitHub repositories. This embedding is used to cluster images with similar applications and vulnerabilities. We evaluate cluster quality using Silhouette, Calinski-Harabasz, and Davies-Bouldin indices, and application vulnerabilities through inspection of selected clusters. Results reveal that images pertaining to genomics research in our research testbed are at greater risk of high-severity shell spawning and data validation vulnerabilities.

Passive radio frequency identification (RFID) systems raise new transmission secrecy protection challenges against the special proactive eavesdropper, since it is able to both enhance the information wiretap and interfere with the information detection at the RFID reader simultaneously by broadcasting its own continuous wave (CW) signal. To defend against proactive eavesdropping attacks, we propose an artificial noise (AN) aided secure transmission scheme for the RFID reader, which superimposes an AN signal on the CW signal to confuse the proactive eavesdropper. The power allocation between the AN signal and the CW signal are optimized to maximize the secrecy rate. Furthermore, we model the attack and defense process between the proactive eavesdropper and the RFID reader as a hierarchical security game, and prove it can achieve the equilibrium. Simulation results show the superiority of our proposed scheme in terms of the secrecy rate and the interactions between the RFID reader and the proactive eavesdropper.

As it was difficult for the State Grid Corporation of China (SGCC) to manage a large amount of safety equipment efficiently, resulting in the frequent occurrence of safety accidents caused by the quality of equipment. Therefore, this paper presents a design of a self-powered wireless communication radio frequency identification tag system based on the Si24R1. The system uses blockchain technology to provide a full-length, chain-like path for RFID big data to achieve data security management. Using low-power Si24R1 chips to make tags can extend the use time of tags and achieve full life cycle management of equipment. In addition, a transmission scheme was designed to reduce the packet loss rate, in this paper. Finally, the result showed that the device terminal received and processed information from the six tags simultaneously. According to calculations, this electronic tag could be used for up to three years. This system can be widely used for safe operation management, which can effectively reduce the investment of manpower and material resources.

Existing methods for home security monitoring depend on expensive custom battery-powered solutions. In this article, we present a battery-free solution that leverages any off-the-shelf passive radio frequency identification (RFID) tag for real-time entry detection. Sensor consists of a printed RFID antenna on paper, coupled to a magnetic reed switch and is affixed on the door. Opening of the door triggers the reed switch causing RFID signal transmission detected by any off-the-shelf passive RFID reader. This paper shows simulation and experimental results for such magnetically-actuated RFID (or magRFID) opening sensor.

Certificateless signcryption mechanism can not only provide security services, such as message integrity, non-repudiation and confidentiality, but also solve the problems of public key certificate management and key escrow. Zhou et al. proposed a certificateless signcryption mechanism without bilinear mapping and gave its security proof under the discrete logarithm problem and the computational Diffie Hellman problem in the random oracle model. However, the analysis show that this scheme has security flaws. That is, attackers can forge legitimate signatures of any messages. Finally, we give the specific attack process.

SM9 is an identity-based cryptography algorithm published by the State Cryptography Administration of China. With SM9, a user's private key for signing is generated by a central system called key generation center (KGC). When the owner of the private key wants to shirk responsibility by denying that the signature was generated by himself, he can claim that the operator of KGC forged the signature using the generated private key. To address this issue, in this paper, two schemes of SM9 digital signature with non-repudiation are proposed. With the proposed schemes, the user's private key for signing is collaboratively generated by two separate components, one of which is deployed in the private key service provider's site while the other is deployed in the user's site. The private key can only be calculated in the user's site with the help of homomorphic encryption. Therefore, only the user can obtain the private key and he cannot deny that the signature was generated by himself. The proposed schemes can achieve the non-repudiation of SM9 digital signature.

As the demand for smart devices in homes increases, more and more manufacturers have been launching these devices on a mass scale. But what they are missing out on is taking care of the security part of these IoT devices which results in a more vulnerable system. This paper presents an idea through a small-scale working model and the studies that made the same possible. IoT devices face numerous threats these days with the ease of access to powerful hacking tools such as aircrack-ng which provides services like monitoring, attacking and cracking Wifi networks. The essential thought of the proposed system is to give an idea of how some common attacks are carried out, how these attacks work and to device some form of prevention as an additional security layer for IoT devices in general. The system proposed here prevents most forms of attacks that target the victim IoT device using their MAC addresses. These include DoS and DDoS attacks, both of which are the main focus of this paper. This paper also points out some of the future research work that can be followed up.

Distributed Denial of Service (DDoS) attacks aim at bringing down or decreasing the availability of services for their legitimate users, by exhausting network or server resources. It is difficult to differentiate attack traffic from legitimate traffic as the attack can come from distributed nodes that additionally might spoof their IP addresses. Traditional DoS mitigation solutions fail to defend all kinds of DoS attacks and huge DoS attacks might exceed the processing capacity of routers and firewalls easily. The advent of Software-defined Networking (SDN) and Network Function Virtualization (NFV) has brought a new perspective for network defense. Key features of such technologies like global network view and flexibly positionable security functionality can be used for mitigating DDoS attacks. In this paper, we propose a collaborative DDoS attack mitigation scheme that uses SDN and NFV. We adopt a machine learning algorithm from related work to derive accurate patterns describing DDoS attacks. Our experimental results indicate that our framework is able to differentiate attack and legitimate traffic with high accuracy and in near-realtime. Furthermore, the derived patterns can be used to create OpenFlow (OF) or Firewall rules that can be pushed back into the direction of the attack origin for more efficient and distributed filtering.

Distributed Denial of Service (DDoS) attacks have been one of the persistent forms of attacks on information technology infrastructure connected to a public network due to the ease of access to DDoS attack tools. Researchers have been able to develop several techniques to curb volumetric DDoS attacks which overwhelms the target with large number of request packets. However, compared to volumetric DDoS, low amount of research has been executed on mitigating slow DDoS. Data mining approaches and various Artificial Intelligence techniques have been proved by researchers to be effective for reduce DDoS attacks. This paper provides the scholarly community with slow DDoS attack detection techniques using Genetic Algorithm and Support Vector Machine aimed at mitigating slow DDoS attack in a Software-Defined Networking (SDN) environment simulated in GNS3. Genetic algorithm was employed to select the features which indicates the presence of an attack and also determine the appropriate regularization parameter, C, and gamma parameter for the Support Vector Machine classifier. Results obtained shows that the classifier had detection accuracy, Area Under Receiver Operating Curve (AUC), true positive rate, false positive rate and false negative rate of 99.89%, 99.89%, 99.95%, 0.18%, and 0.05% respectively. Also, the algorithm for subsequent implementation of the selective adaptive bubble burst mitigation mechanism was presented.

Businesses were moving during the past decades to-ward full digital models, which made companies face new threats and cyberattacks affecting their services and, consequently, their profits. To avoid negative impacts, companies' investments in cybersecurity are increasing considerably. However, Small and Medium-sized Enterprises (SMEs) operate on small budgets, minimal technical expertise, and few personnel to address cybersecurity threats. In order to address such challenges, it is essential to promote novel approaches that can intuitively present cybersecurity-related technical information.This paper introduces SecBot, a cybersecurity-driven conversational agent (i.e., chatbot) for the support of cybersecurity planning and management. SecBot applies concepts of neural networks and Natural Language Processing (NLP), to interact and extract information from a conversation. SecBot can (a) identify cyberattacks based on related symptoms, (b) indicate solutions and configurations according to business demands, and (c) provide insightful information for the decision on cybersecurity investments and risks. A formal description had been developed to describe states, transitions, a language, and a Proof-of-Concept (PoC) implementation. A case study and a performance evaluation were conducted to provide evidence of the proposed solution's feasibility and accuracy.

Chatbots are a computer program that was created to imitate the human during a conversation. In this technological era, humans were replaced by machines for performing most of the work. So chatbots were developed to mimic the conversation a human does with another person. The work a chatbot does ranges from answering simple queries to acting as personal assistant to the boss. There are different kinds of chatbots developed to cater to the needs of the people in different domain. The methodology of creating them also varies depending on their type. In this paper, the various types of chatbots and techniques such as Machine Learning, deep learning and natural language processing used for designing them were discussed in detail.

Intent classification is an important and relevant area of research in artificial intelligence and machine learning, with applications ranging from marketing and product design to intelligent communication. This paper explores the performance of various models and techniques for short text intent classification in the context of chatbots. The problem was explored for use within the mental wellness and therapy chatbot application, Wysa, to give improved responses to free-text user input. The authors looked at classifying text samples in-to 4 categories - assertions, refutations, clarifiers and transitions. For this, the suitability of the following techniques was evaluated: count vectors, TF-IDF, sentence embeddings and n-grams, as well as modifications of the same. Each technique was used to train a number of state-of-the-art classifiers, and the results have been compiled and presented. This is the first documented implementation of Arora's modification to sentence embeddings for real world use. It also introduces a technique to generate custom stop words that gave a significant gain in performance (10 percentage points). The best pipeline, using these techniques together, gave an accuracy of 95 percent.

With the vastly growing need for secure communication, quantum key distribution (QKD) has been developed to provide high security for communications against potential attacks from the fast-developing quantum computers. Among different QKD protocols, continuous variable (CV-) QKD employing Gaussian modulated coherent states has been promising for its complete security proof and its compatibility with current communication systems in implementation with homodyne or heterodyne detection. Since satellite communication has been more and more important in developing global communication networks, there have been concerns about the security in satellite communication and how we should evaluate the security of CV-QKD in such scenarios. To better analyse the secure key rate (SKR) in this case, in this invited paper we investigate the CV-QKD SKR lower bounds under realistic assumptions over a satellite-to-satellite channel. We also investigate the eavesdropper's best strategy to apply in these scenarios. We demonstrate that for these channel conditions with well-chosen carrier centre frequency and receiver aperture size, based on channel parameters, we can optimize SKR correspondingly. The proposed satellite-based QKD system provides high security level for the coming 5G and beyond networks, the Internet of things, self-driving cars, and other fast-developing applications.

IoT is an emerging technology in modern world of communication. As the usage of IoT devices is increasing in day to day life, the secure data communication in IoT environment is the major challenge. Especially, small sized Single-Board Computers (SBCs) or Microcontrollers devices are widely used to transfer data with another in IoT. Due to the less processing power and storage capabilities, the data acquired from these devices must be transferred very securely in order to avoid some ethical issues. There are many cryptography approaches are applied to transfer data between IoT devices, but there are obvious chances to suspect encrypted messages by eavesdroppers. To add more secure data transfer, steganography mechanism is used to avoid the chances of suspicion as another layer of security. Based on the capabilities of IoT devices, low complexity images are used to hide the data with different hiding algorithms. In this research study, the secret data is encoded through QR code and embedded in low complexity cover images by applying image to image hiding fashion. The encoded image is sent to the receiving device via the network. The receiving device extracts the QR code from image using secret key then decoded the original data. The performance measure of the system is evaluated by the image quality parameters mainly Peak Signal to Noise Ratio (PSNR), Normalized Coefficient (NC) and Security with maintaining the quality of contemporary IoT system. Thus, the proposed method hides the precious information within an image using the properties of QR code and sending it without any suspicion to attacker and competes with the existing methods in terms of providing more secure communication between Microcontroller devices in IoT environment.

Government division may be a crucial portion of the nation's economy. Security of government inquire about substance from all sorts of dangers is basic not as it were for trade coherence but too for supporting the economy of the country as a entirety. With the digitization of conventional records, government substances experience troublesome issues, such as government capacity and access. Research office spend significant time questioning the specified information when getting to Government investigate substance subtle elements, but the gotten information are not fundamentally rectify, and get to is some of the time limited. On this premise, this think about proposes a investigate substance which utilize ciphertext-based encryption to guarantee information privacy and get to control of record subtle elements. The investigate head may scramble the put away data for accomplishing get to control and keeping information secure. In this manner AES Rijndael calculation is utilized for encryption. This guarantees security for the data and empowers Protection.

In order to solve the statistical fluctuation problem caused by the finite data length in the practical quantum key distribution system, four commonly used statistical methods, DeMoivre-Laplace theorem, Chebyshev inequality, Chernoff boundary and Hoeffding boundary, are used to analyze. The application conditions of each method are discussed, and the effects of data length and confidence level on quantum key distribution security performance are simulated and analyzed. The simulation results show that the applicable conditions of Chernoff boundary are most consistent with the reality of the practical quantum key distribution system with finite-length data. Under the same experimental conditions, the secure key generation rate and secure transmission distance obtained by Chernoff boundary are better than those of the other three methods. When the data length and confidence level change, the stability of the security performance obtained by the Chernoff boundary is the best.

Dynamic properties of optical signals in fiber channel provide a unique, random and reciprocal source for physical-layer secure key generation and distribution (SKGD). In this paper, an inherent physical-layer SKGD scheme is proposed and demonstrated, where the random source is originated from the dynamic fluctuation of the instant state of polarization (SOP) of optical signals in fiber. Due to the channel reciprocity, highly-correlated fluctuation of Stokes parameter of SOP is shared between the legal partners, where an error-free key generation rate (KGR) of 196-bit/s is successfully demonstrated over 25-km standard single-mode fiber (SSMF). In addition, an active polarization scrambler is deployed in fiber to increase the KGR, where an error-free KGR of 200-kbit/s is achieved.