Biblio

To develop the next generation of Internet of Things, Edge devices and systems which leverage progress in enabling technologies such as 5G, distributed computing and artificial intelligence (AI), several requirements need to be developed and put in place to make the devices smarter. A major requirement for all the above applications is the long-term security and trust computing infrastructure. Trusted Computing requires the introduction inside of the platform of a Trusted Platform Module (TPM). Traditionally, a TPM was a discrete and dedicated module plugged into the platform to give TPM capabilities. Recently, processors manufacturers started integrating trusted computing features into their processors. A significant drawback of this approach is the need for a permanent modification of the processor microarchitecture. In this context, we suggest an analysis and a design of a software-only TPM for RISC-V processors based on seL4 microkernel and OP-TEE.

Software trustworthiness includes many attributes. Reasonable weight allocation of trustworthy attributes plays a key role in the software trustworthiness measurement. In practical application, attribute weight usually comes from experts' evaluation to attributes and hidden information derived from attributes. Therefore, when the weight of attributes is researched, it is necessary to consider weight from subjective and objective aspects. Firstly, a novel weight allocation method is proposed by combining the Fuzzy Analytical Hierarchy Process (FAHP) method and the Criteria Importance Though Intercrieria Correlation (CRITIC) method. Secondly, based on the weight allocation method, the trustworthiness measurement models of component-based software are established according to the four combination structures of components. Thirdly, some metric criteria of the model are proved to verify the reasonability. Finally, a case is used to illustrate the practicality of the model.

Smart grids are one of the most important applications of cyber-physical systems. They intelligently transmit energy to customers by information technology, and have replaced the traditional power grid and are widely used. However, smart grids are vulnerable to cyber-attacks. Once attacked, it will cause great losses and lose the trust of customers. Therefore, it is important to evaluate the trustworthiness of smart grids. In order to evaluate the trustworthiness of smart grids, this paper uses a generalized stochastic Petri net (GSPN) to model smart grids. Considering various security threats that smart grids may face, we propose a general GSPN model for smart grids, which evaluates trustworthiness from three metrics of reliability, availability, and integrity by analyzing steady-state and transient probabilities. Finally, we obtain the value of system trustworthiness and simulation results show that the feasibility and effectiveness of our model for smart grids trustworthiness.

In order to analyze the trustworthiness of complex software systems, we propose a model of evidence-based software trustworthiness called trustworthiness derivation tree (TDT). The basic idea of constructing a TDT is to refine main properties into key ingredients and continue the refinement until basic facts such as evidences are reached. The skeleton of a TDT can be specified by a set of rules, which is convenient for automated reasoning in Prolog. We develop a visualization tool that can construct the skeleton of a TDT by taking the rules as input, and allow a user to edit the TDT in a graphical user interface. In a software development life cycle, TDTs can serve as a communication means for different stakeholders to agree on the properties about a system in the requirement analysis phase, and they can be used for deductive reasoning so as to verify whether the system achieves trustworthiness in the product validation phase. We have piloted the approach of using TDTs in more than a dozen real scenarios of software development. Indeed, using TDTs helped us to discover and then resolve some subtle problems.

WebAssembly is an Increasingly popular lightweight binary instruction format, which can be efficiently embedded and sandboxed. Languages like C, C++, Rust, Go, and many others can be compiled into WebAssembly. This paper describes Twine, a WebAssembly trusted runtime designed to execute unmodified, language-independent applications. We leverage Intel SGX to build the runtime environment without dealing with language-specific, complex APIs. While SGX hardware provides secure execution within the processor, Twine provides a secure, sandboxed software runtime nested within an SGX enclave, featuring a WebAssembly system interface (WASI) for compatibility with unmodified WebAssembly applications. We evaluate Twine with a large set of general-purpose benchmarks and real-world applications. In particular, we used Twine to implement a secure, trusted version of SQLite, a well-known full-fledged embeddable database. We believe that such a trusted database would be a reasonable component to build many larger application services. Our evaluation shows that SQLite can be fully executed inside an SGX enclave via WebAssembly and existing system interface, with similar average performance overheads. We estimate that the performance penalties measured are largely compensated by the additional security guarantees and its full compatibility with standard WebAssembly. An indepth analysis of our results indicates that performance can be greatly improved by modifying some of the underlying libraries. We describe and implement one such modification in the paper, showing up to 4.1 × speedup. Twine is open-source, available at GitHub along with instructions to reproduce our experiments.

In some single-phase systems, power decoupling is necessary to balance the difference between constant power at load side and double-frequency ripple power at AC side. The application of active power decoupling methods aim to smooth this power oscillatory component, but, in general, these methods require the addition of many semiconductor devices and/or energy storage components, which is not lined up with achieving low cost, high efficiency and high power quality. This paper presents the analysis of a new single-phase rectifier based on zeta topology with power decoupling function and power factor correction using only two active switches and without extra reactive components. Its behavior is based on three stages of operation in a switching period, such that the power oscillating component is stored in one of the inherent zeta inductor. The theoretical foundation that justifies its operation is presented, as well as the simulation and experimental results to validate the applied concepts.

Internet Exchange Points (IXPs) are critical components of the Internet infrastructure that affect its performance, evolution, security and economy. In this work, we introduce a technique to improve the well-known TraIXroute tool with its ability to identify IXPs. TraIXroute is a tool written in python3. It always encounters problems during its installation by network administrators and researchers. This problem remains unchanged in the field of internet ixp measurement tools. Our paper aims to make a critical analysis of TraIXroute tool which has some malfunctions. Furthermore, our main objective is to implement an improved tool for detecting ixps on the traceroute path with ipv4 and ipv6. The tool will have options for Geolocation of ixps as well as ASs. Our tool is written in C\# (C sharp) and python which are object oriented programming languages.

Object-oriented program (OOP) is very popular in these years for its advantages, but the testing method for OOP is still not mature enough. To deal with the problem that it is impossible to generate the probability density function by simply numeralizing a point in the test case caused by the complex structure of the object-oriented test case, we propose the Adaptive Random Testing through Test Profile for Object-Oriented software (ARTTP-OO). It generates a test case at the edge of the input field and calculates the distance between object-oriented test cases using Object and Method Invocation Sequence Similarity (OMISS) metric formula. And the probability density function is generated by the distance to select the test cases, thereby realizing the application of ARTTP algorithm in OOP. The experimental results indicate the proposed ARTTP-OO consumes less time cost without reducing the detection effectiveness.

This paper proposes a logic-based machine learning approach called Acuity which is designed to facilitate user-guided elucidation of novel phenomena from evidence sparsely distributed across large volumes of linked relational data. The work builds on systems from the field of Inductive Logic Programming (ILP) by introducing a suite of new techniques for interacting with domain experts and data sources in a way that allows complex logical reasoning to be strategically exploited on large real-world databases through intuitive hypothesis-shaping and data-caching functionality. We propose two methods for rebutting or shaping candidate hypotheses and two methods for querying or importing relevant data from multiple sources. The benefits of Acuity are illustrated in a proof-of-principle case study involving a retrospective analysis of the CryptoWall ransomware attack using data from a cyber security testbed comprising a small business network and an infected laptop.

To ensure a ship’s fully operational status in a wide spectrum of missions, as passenger transportation, international trade, and military activities, numerous interdependent systems are essential. Despite the potential critical consequences of misunderstanding or ignoring those interdependencies, there are very few documented approaches to enable their identification, representation, analysis, and use. From the cybersecurity point of view, if an anomaly occurs on one of the interdependent systems, it could eventually impact the whole ship, jeopardizing its mission success. This paper presents a proposal to identify the main dependencies of layers within and between generic ship’s functional blocks. An analysis of one of these layers, the platform systems, is developed to examine a naval cyber-physical system (CPS), the water management for passenger use, and its associated dependencies, from an intrinsic perspective. This analysis generates a three layers graph, on which dependencies are represented as oriented edges. Each abstraction level of the graph represents the physical, digital, and system variables of the examined CPS. The obtained result confirms the interest of graphs for dependencies representation and analysis. It is an operational depiction of the different systems interdependencies, on which can rely a cybersecurity evaluation, like anomaly detection and propagation assessment.

The human face conveys a significant amount of information. Through facial expressions, the face is able to communicate numerous sentiments without the need for verbalisation. Visual emotion recognition has been extensively studied. Recently several end-to-end trained deep neural networks have been proposed for this task. However, such models often lack generalisation ability across datasets. In this paper, we propose the Deep Facial Expression Vector ExtractoR (DeepFEVER), a new deep learning-based approach that learns a visual feature extractor general enough to be applied to any other facial emotion recognition task or dataset. DeepFEVER outperforms state-of-the-art results on the AffectNet and Google Facial Expression Comparison datasets. DeepFEVER’s extracted features also generalise extremely well to other datasets – even those unseen during training – namely, the Real-World Affective Faces (RAF) dataset.

In this paper, two methods are introduced for securing voice communication. The first technique applies multilevel chaos-based block cipher and the second technique applies non-autonomous chaotic modulation. In the first approach, the encryption method is implemented by joining Arnold cat map with the Lorenz system. This method depends on permuting and substituting voice samples. Applying two levels of a chaotic system, enhances the security of the encrypted signal. the permutation process of the voice samples is implemented by applying Arnold cat map, then use Lorenz chaotic flow to create masking key and consequently substitute the permuted samples. In the second method, an encryption method based on non-autonomous modulation is implemented, in the master system, and the voice injection process is applied into one variable of the Lorenz chaotic flow without modifying the state of controls parameter. Non-autonomous modulation is proved to be more suitable than other techniques for securing real-time applications; it also masters the problems of chaotic parameter modulation and chaotic masking. A comparative study of these methods is presented.

Although several different attacks or modern security mechanisms have been proposed, the captchas created by the numbers and the letters are still used by some websites or applications to protect their information security. The reason is that the labels of the captcha data are difficult to collect for the attacker, and protector can easily control the various parameters of the captchas: like the noise, the font type, the font size, and the background color, then make this security mechanism update with the increased attack methods. It can against attacks in different situations very effectively. This paper presents a method to recognize the different text-based captchas based on a system constituted by the denoising autoencoder and the Convolutional Recurrent Neural Network (CRNN) model with the Connectionist Temporal Classification (CTC) structure. We show that our approach has a better performance for recognizing, and it solves the identification problem of indefinite character length captchas efficiently.

In an agricultural supply chain, farmers, food processors, transportation agencies, importers, and exporters must comply with different regulations imposed by one or more jurisdictions depending on the nature of their business operations. Supply chain stakeholders conventionally transport their goods, along with the corresponding documentation via regulators for compliance checks. This is generally followed by a tedious and manual process to ensure the goods meet regulatory requirements. However, supply chain systems are changing through digitization. In digitized supply chains, data is shared with the relevant stakeholders through digital supply chain platforms, including blockchain technology. In such datadriven digital supply chains, the regulators may be able to leverage digital technologies, such as artificial intelligence and machine learning, to automate the compliance verification process. However, a barrier to progress is the risk that information will not be credible, thus reversing the gains that automation could achieve. Automating compliance based on inaccurate data may compromise the safety and credibility of the agricultural supply chain, which discourages regulators and other stakeholders from adopting and relying on automation. Within this article we consider the challenges of digital supply chains when we describe parts of the compliance management process and how it can be automated to improve the operational efficiency of agricultural supply chains. We introduce assisted autonomy as a means to pragmatically automate the compliance verification process by combining the power of digital systems while keeping the human in-the-loop. We argue that autonomous compliance is possible, but that the need for human led inspection processes will never be replaced by machines, however it can be minimised through “assisted autonomy”.

Recent work on intrusion-tolerance has shown that resilience to sophisticated network attacks requires system replicas to be deployed across at least three geographically distributed sites. While commodity data centers offer an attractive solution for hosting these sites due to low cost and management overhead, their use raises significant confidentiality concerns: system operators may not want private data or proprietary algorithms exposed to servers outside their direct control. We present a new model for Byzantine Fault Tolerant replicated systems that moves toward “intrusion tolerance as a service”. Under this model, application logic and data are only exposed to servers hosted on the system operator's premises. Additional offsite servers hosted in data centers can support the needed resilience without executing application logic or accessing unencrypted state. We have implemented this approach in the open-source Spire system, and our evaluation shows that the performance overhead of providing confidentiality can be less than 4% in terms of latency.

As modern vehicles are complex IoT devices with intelligence capable to connect to an external infrastructure and use Vehicle-to-Everything (V2X) communication, there is a need to secure the communication to avoid being a target for cyber-attacks. Also, the organs of the car (sensors, communication, and control) each could have a vulnerability, that leads to accidents or potential deaths. Manufactures of cars have a huge responsibility to secure the safety of their costumers and should not skip the important security research, instead making sure to implement important security measures, which makes your car less likely to be attacked. This paper covers the relevant attacks and threats to modern vehicles and presents a security analysis with potential countermeasures. We discuss the future of modern and autonomous vehicles and conclude that more countermeasures must be taken to create a future and safe concept.

X-ray baggage security screening is a demanding task for aviation and rail transit security; automatic prohibited item detection in X-ray baggage images can help reduce the work of inspectors. However, as many items are placed too close to each other in the baggages, it is difficult to fully trust the detection results of intelligent prohibited item detection algorithms. In this paper, a human-in-the-loop baggage inspection framework is proposed. The proposed framework utilizes the deep-learning-based algorithm for prohibited item detection to find suspicious items in X-ray baggage images, and select manual examination when the detection algorithm cannot determine whether the baggage is dangerous or safe. The advantages of proposed inspection process include: online to capture new sample images for training incrementally prohibited item detection model, and augmented prohibited item detection intelligence with human-computer collaboration. The preliminary experimental results show, human-in-the-loop process by combining cognitive capabilities of human inspector with the intelligent algorithms capabilities, can greatly improve the efficiency of in-baggage security screening.

The emerging time-sensitive applications, such as industrial automation, smart grids, and telesurgery, pose strong demands for enabling large-scale IP-based deterministic networks. The IETF DetNet working group recently proposes a Cycle Specified Queuing and Forwarding (CSQF) solution. However, CSQF only specifies an underlying device-level primitive while how to achieve network-wide flow scheduling remains undefined. Previous scheduling mechanisms are mostly oriented to the context of local area networks, making them inapplicable to the cyclic traffic in wide area networks. In this paper, we design the Cycle Tags Planning (CTP) mechanism, a first mathematical model to enable network-wide scheduling for cyclic traffic in large-scale deterministic networks. Then, a novel scheduling algorithm named flow offset and cycle shift (FO-CS) is designed to compute the flows' cycle tags. The FO-CS algorithm is evaluated under long-distance network topologies in remote industrial control scenarios. Compared with the Naive algorithm without using FO-CS, simulation results demonstrate that FO-CS improves the scheduling flow number by 31.2% in few seconds.

Network embedding, which aims to map the discrete network topology to a continuous low-dimensional representation space with the major topological properties preserved, has emerged as an essential technique to support various network inference tasks. However, incorporating both the evolutionary nature and the network's heterogeneity remains a challenge for existing network embedding methods. In this study, we propose a novel Translation-Based Dynamic Heterogeneous Network Embedding (TransDHE) approach to consider both the aspects simultaneously. For a dynamic heterogeneous network with a sequence of snapshots and multiple types of nodes and edges, we introduce a translation-based embedding module to capture the heterogeneous characteristics (e.g., type information) of each single snapshot. An orthogonal alignment module and RNN-based aggregation module are then applied to explore the evolutionary patterns among multiple successive snapshots for the final representation learning. Extensive experiments on a set of real-world networks demonstrate that TransDHE can derive the more informative embedding result for the network dynamic and heterogeneity over state-of-the-art network embedding baselines.

The interdisciplinary field of immersive learning research is scattered. Combining efforts for better exploration of this field from the different disciplines requires researchers to communicate and coordinate effectively. We call upon the community of immersive learning researchers for planting the Knowledge Tree of Immersive Learning Research, a proposal for a systematization effort for this field, combining both scholarly and practical knowledge, cultivating a robust and ever-growing knowledge base and methodological toolbox for immersive learning. This endeavor aims at promoting evidence-informed practice and guiding future research in the field. This paper contributes with the rationale for three objectives: 1) Developing common scientific terminology amidst the community of researchers; 2) Cultivating a common understanding of methodology, and 3) Advancing common use of theoretical approaches, frameworks, and models.

Video Conferencing has emerged as a new paradigm of communication in the age of COVID-19 pandemic. This technology is allowing us to have real-time interaction during the social distancing era. Even before the current crisis, it was increasingly commonplace for organizations to adopt a video conferencing tool. As people adopt video conferencing tools and access data with potentially less secure equipment and connections, meetings are becoming a target to cyber attackers. Enforcing appropriate security and privacy settings prevents attackers from exploiting the system. To design the video conferencing system's security and privacy model, an exhaustive threat model must be adopted. Threat modeling is a process of optimizing security by identifying objectives, vulnerabilities, and defining the plan to mitigate or prevent potential threats to the system. In this paper, we use the widely accepted STRIDE threat modeling technique to identify all possible risks to video conferencing tools and suggest mitigation strategies for creating a safe and secure system.

This demo presents a new approach to detecting and countering the aLTEr attack by proactively searching for the threat and automatically remediating it. These processes leverage AI/ML techniques and the automation framework offered by the MonB5G architecture.

As the number of Internet of things devices increases, there is a growing importance of securely managing and storing the secret and private keys in these devices. Public-key cryptosystems or symmetric encryption algorithms both use special keys that need to be kept secret from other peers in the network. Additionally, ensuring the integrity of the installed application firmware of these devices is another security problem. In this study, private key storage methods are explained in general. Also, ESP32-S2 device is used for experimental case study for its robust built-in trusted platform module. Secure boot and flash encryption functionalities of ESP32-S2 device, which offers a solution to these security problems, are explained and tested in detail.

A tamper-resistant logical operation method based on integrated nanophotonics is proposed focusing on electromagnetic side-channel attacks. In the proposed method, only the phase of each optical signal is modulated depending on its logical state, which keeps the power of optical signals in optical logic circuits constant. This provides logic-gate-level tamper resistance which is difficult to achieve with CMOS circuits. An optical implementation method based on electronically-controlled phase shifters is then proposed. The electrical part of proposed circuits achieves 300 times less instantaneous current change, which is proportional to intensity of the leaked electromagnetic wave, than a CMOS logic gate.

The aim of the study is to present an advanced overview and potential application of the innovative tools/software's/methods used for data visualization, text mining, scientific mapping, and bibliometric analysis. Text mining and data visualization has been a topic of research for several years for academic researchers and practitioners. With the advancement in technology and innovation in the data analysis techniques, there are many online and offline software tools available for text mining and visualisation. The purpose of this study is to present an advanced overview of latest, sophisticated, and innovative tools available for this purpose. The unique characteristic about this study is that it provides an overview with examples of the five most adopted software tools such as VOSviewer, Biblioshiny, Gephi, HistCite and CiteSpace in social science research. This study will contribute to the academic literature and will help the researchers and practitioners to apply these tools in future research to present their findings in a more scientific manner.