Wireless communication enables an ingestible device to send sensor information and support external on-demand operation while in the gastrointestinal (GI) tract. However, it is challenging to maintain stable wireless communication with an ingestible device that travels inside the dynamic GI environment as this environment easily detunes the antenna and decreases the antenna gain. In this paper, we propose an air-gap based antenna solution to stabilize the antenna gain inside this dynamic environment. By surrounding a chip antenna with 1 2 mms of air, the antenna is isolated from the environment, recovering its antenna gain and the received signal strength by 12 dB or more according to our in vitro and in vivo evaluation in swine. The air gap makes margin for the high path loss, enabling stable wireless communication at 2.4 GHz that allows users to easily access their ingestible devices by using mobile devices with Bluetooth Low Energy (BLE). On the other hand, the data sent or received over the wireless medium is vulnerable to being eavesdropped on by nearby devices other than authorized users. Therefore, we also propose a lightweight security protocol. The proposed protocol is implemented in low energy without compromising the security level thanks to the base protocol of symmetric challenge-response and Speck, the cipher that is optimized for software implementation.

The notion that ships, marine vessels and off-shore structures are digitally isolated is quickly disappearing. Affordable and accessible wireless communication technologies (e.g., short-range radio, long-range satellite) are quickly removing any air-gaps these entities have. Commercial, defence, and personal ships have a wide range of communication systems to choose from, yet some can weaken the overall ship security. One of the most significant information technologies (IT) being used today is satellite-based communications. While the backbone of this technology is often secure, third-party devices may introduce vulnerabilities. Within maritime industries, the market for satellite communication devices has also grown significantly, with a wide range of products available. With these devices and services, marine cyber-physical systems are now more interconnected than ever. However, some of these off-the-shelf products can be more insecure than others and, as shown here, can decrease the security of the overall maritime network and other connected devices. This paper examines the vulnerability of an existing, off-the-shelf product, how a novel attack-chain can compromise the device, how that introduces vulnerabilities to the wider network, and then proposes solutions to the found vulnerabilities.

Air-gapped workstations are separated from the Internet because they contain confidential or sensitive information. Studies have shown that attackers can leak data from air-gapped computers with covert ultrasonic signals produced by loudspeakers. To counteract the threat, speakers might not be permitted on highly sensitive computers or disabled altogether - a measure known as an ’audio gap.’ This paper presents an attack enabling adversaries to exfiltrate data over ultrasonic waves from air-gapped, audio-gapped computers without external speakers. The malware on the compromised computer uses its built-in buzzer to generate sonic and ultrasonic signals. This component is mounted on many systems, including PC workstations, embedded systems, and server motherboards. It allows software and firmware to provide error notifications to a user, such as memory and peripheral hardware failures. We examine the different types of internal buzzers and their hardware and software controls. Despite their limited technological capabilities, such as 1-bit sound, we show that sensitive data can be encoded in sonic and ultrasonic waves. This is done using pulse width modulation (PWM) techniques to maintain a carrier wave with a dynamic range. We also show that malware can evade detection by hiding in the frequency bands of other components (e.g., fans and power supplies). We implement the attack using a PC transmitter and smartphone app receiver. We discuss transmission protocols, modulation, encoding, and reception and present the evaluation of the covert channel as well. Based on our tests, sensitive data can be exfiltrated from air-gapped computers through its built- in buzzer. A smartphone can receive data from up to six meters away at 100 bits per second.

The rapid advancement of technology in aviation business management, notably through the implementation of location-independent aerodrome control systems, is reshaping service efficiency and cost-effectiveness. However, this emphasis on operational enhancements has resulted in a notable gap in cybersecurity incident management proficiency. This study addresses the escalating sophistication of the cybersecurity threat landscape, where malicious actors target critical safety information, posing risks from disruptions to potential catastrophic incidents. The paper employs a specialized conceptualization technique, derived from prior research, to analyze the interplays between malicious software and degraded modes operations in location-independent aerodrome control systems. Rather than predicting attack trajectories, this approach prioritizes the development of training paradigms to rigorously evaluate expertise across engineering, operational, and administrative levels in air traffic management domain. This strategy offers a proactive framework to safeguard critical infrastructures, ensuring uninterrupted, reliable services, and fortifying resilience against potential threats. This methodology promises to cultivate a more secure and adept environment for aerodrome control operations, mitigating vulnerabilities associated with malicious interventions.

The medium-voltage (MV) power distribution networks have a complex topology, and this can easily cause air arc faults. However, the current of the air arc is low, and the arc temperature is only a few thousand Kelvin. In this case, the arc is in non-local thermodynamic equilibrium (non-LTE). The LTE state of arc is the basis for the establishment of arc model and the calculation of transport coefficient. In this paper, the non-LTE effect of the MV AC air arc is studied by the moiré deflection and the optical emission spectroscopy (OES) techniques.

This paper presents AirKeyLogger - a novel radio frequency (RF) keylogging attack for air-gapped computers.Our keylogger exploits radio emissions from a computer’s power supply to exfiltrate real-time keystroke data to a remote attacker. Unlike hardware keylogging devices, our attack does not require physical hardware. Instead, it can be conducted via a software supply-chain attack and is solely based on software manipulations. Malware on a sensitive, air-gap computer can intercept keystroke logging by using global hooking techniques or injecting malicious code into a running process. To leak confidential data, the processor’s working frequencies are manipulated to generate a pattern of electromagnetic emissions from the power unit modulated by keystrokes. The keystroke information can be received at distances of several meters away via an RF receiver or a smartphone with a simple antenna. We provide related work, discuss keylogging methods and present multi-key modulation techniques. We evaluate our method at various typing speeds and on-screen keyboards as well. We show the design and implementation of transmitter and receiver components and present evaluation findings. Our tests show that malware can eavesdrop on keylogging data in real-time over radio signals several meters away and behind concrete walls from highly secure and air-gapped systems.

Specific Emitter Identification (SEI) is advantageous for its ability to passively identify emitters by exploiting distinct, unique, and organic features unintentionally imparted upon every signal during formation and transmission. These features are attributed to the slight variations and imperfections that exist in the Radio Frequency (RF) front end, thus SEI is being proposed as a physical layer security technique. The majority of SEI work assumes the targeted emitter is a passive source with immutable and difficult-to-mimic signal features. However, Software-Defined Radio (SDR) proliferation and Deep Learning (DL) advancements require a reassessment of these assumptions, because DL can learn SEI features directly from an emitter’s signals and SDR enables signal manipulation. This paper investigates a strong adversary that uses SDR and DL to mimic an authorized emitter’s signal features to circumvent SEI-based identity verification. The investigation considers three SEI mimicry approaches, two different SDR platforms, the presence or lack of signal energy as well as a "decoy" emitter. The results show that "off-the-shelf" DL achieves effective SEI mimicry. Additionally, SDR constraints impact SEI mimicry effectiveness and suggest an adversary’s minimum requirements. Future SEI research must consider adversaries capable of mimicking another emitter’s SEI features or manipulating their own.

In a one-way secret key agreement (OW-SKA) protocol in source model, Alice and Bob have private samples of two correlated variables X and Y that are partially leaked to Eve through the variable Z, and use a single message from Alice to Bob to obtain a shared secret key. We propose an efficient secure OW-SKA when the sent message over the public channel can be tampered with by an active adversary. Our construction uses a specially designed hash function that is used for reconciliation, as well as detection of tampering. In detection of tampering the function is a Message Authentication Code (MAC) that maintains its security when the key is partially leaked. We prove the secrecy of the established key and robustness of the protocol, and discuss our results.

Can we hope to provide provable security against model extraction attacks? As a step towards a theoretical study of this question, we unify and abstract a wide range of “observational” model extraction defenses (OMEDs) - roughly, those that attempt to detect model extraction by analyzing the distribution over the adversary s queries. To accompany the abstract OMED, we define the notion of complete OMEDs - when benign clients can freely interact with the model - and sound OMEDs - when adversarial clients are caught and prevented from reverse engineering the model. Our formalism facilitates a simple argument for obtaining provable security against model extraction by complete and sound OMEDs, using (average-case) hardness assumptions for PAC-learning, in a way that abstracts current techniques in the prior literature. The main result of this work establishes a partial computational incompleteness theorem for the OMED: any efficient OMED for a machine learning model computable by a polynomial size decision tree that satisfies a basic form of completeness cannot satisfy soundness, unless the subexponential Learning Parity with Noise (LPN) assumption does not hold. To prove the incompleteness theorem, we introduce a class of model extraction attacks called natural Covert Learning attacks based on a connection to the Covert Learning model of Canetti and Karchmer (TCC 21), and show that such attacks circumvent any defense within our abstract mechanism in a black-box, nonadaptive way. As a further technical contribution, we extend the Covert Learning algorithm of Canetti and Karchmer to work over any “concise” product distribution (albeit for juntas of a logarithmic number of variables rather than polynomial size decision trees), by showing that the technique of learning with a distributional inverter of Binnendyk et al. (ALT 22) remains viable in the Covert Learning setting.

Most proposals for securing control systems are heuristic in nature, and while they increase the protection of their target, the security guarantees they provide are unclear. This paper proposes a new way of modeling the security guarantees of a Cyber-Physical System (CPS) against arbitrary false command attacks. As our main case study, we use the most popular testbed for control systems security. We first propose a detailed formal model of this testbed and then show how the original configuration is vulnerable to a single-actuator attack. We then propose modifications to the control system and prove that our modified system is secure against arbitrary, single-actuator attacks.

Due to the broadcast nature of power line communication (PLC) channels, confidential information exchanged on the power grid is prone to malicious exploitation by any PLC device connected to the same power grid. To combat the ever-growing security threats, physical layer security (PLS) has been proposed as a viable safeguard or complement to existing security mechanisms. In this paper, the security analysis of a typical PLC adversary system model is investigated. In particular, we derive the expressions of the corresponding average secrecy capacity (ASC) and the secrecy outage probability (SOP) of the considered PLC system. In addition, numerical results are presented to validate the obtained analytical expressions and to assess the relevant PLS performances. The results show significant impacts of the transmission distances and the used carrier frequency on the overall transmission security.

Information system administrators must pay attention to system vulnerability information and take appropriate measures against security attacks on the systems they manage. However, as the number of security vulnerability reports increases, the time required to implement vulnerability remediation also increases, therefore vulnerability risks must be assessed and prioritized. Especially in the early stages of vulnerability discovery, such as zero-day attacks, the risk assessment must consider changes over time, since it takes time to spread the information among adversaries and defenders.The Common Vulnerability Scoring System (CVSS) is used widely for vulnerability risk assessment, but it cannot be said that it can sufficiently cope with temporal changes of risk of attacks. In this paper, we proposed software vulnerability growth models to assist system administrators in decision making. Experimental results show that these models can provide a visual representation of the risk over time.

In wireless security, cognitive adversaries are known to inject jamming energy on the victim’s frequency band and monitor the same band for countermeasures thereby trapping the victim. Under the class of cognitive adversaries, we propose a new threat model wherein the adversary, upon executing the jamming attack, measures the long-term statistic of Kullback-Leibler Divergence (KLD) between its observations over each of the network frequencies before and after the jamming attack. To mitigate this adversary, we propose a new cooperative strategy wherein the victim takes the assistance for a helper node in the network to reliably communicate its message to the destination. The underlying idea is to appropriately split their energy and time resources such that their messages are reliably communicated without disturbing the statistical distribution of the samples in the network. We present rigorous analyses on the reliability and the covertness metrics at the destination and the adversary, respectively, and then synthesize tractable algorithms to obtain near-optimal division of resources between the victim and the helper. Finally, we show that the obtained near-optimal division of energy facilitates in deceiving the adversary with a KLD estimator.

Current threat modeling methods focus on understanding the protected network from the perspective of the owners of those networks rather than on comprehensively understanding and integrating the methodology and intent of the threat. We argue that layering the human factors of the adversary over the existing threat models increases the ability of cybersecurity practitioners to truly understand possible threats. Therefore, we need to expand existing adversary and threat modeling approaches in cyberspace to include the representation of human factors of threats, specifically motivations, biases, and perceptions. This additional layer of modeling should be informed by an analysis of cyber threat intelligence reporting. By creating and adopting this expanded modeling, cybersecurity practitioners would have an understanding of how an adversary views their network, which would expand their ability to understand how their network is most likely to be attacked.

The high directionality of millimeter-wave (mmWave) communication systems has proven effective in reducing the attack surface against eavesdropping, thus improving the physical layer security. However, even with highly directional beams, the system is still exposed to eavesdropping against adversaries located within the main lobe. In this paper, we propose BeamSec, a solution to protect the users even from adversaries located in the main lobe. The key feature of BeamSec are: (i) Operating without the knowledge of eavesdropper’s location/channel; (ii) Robustness against colluding eavesdropping attack and (iii) Standard compatibility, which we prove using experiments via our IEEE 802.11ad/ay-compatible 60 GHz phased-array testbed. Methodologically, BeamSec first identifies uncorrelated and diverse beampairs between the transmitter and receiver by analyzing signal characteristics available through standard-compliant procedures. Next, it encodes the information jointly over all selected beampairs to minimize information leakage. We study two methods for allocating transmission time among different beams, namely uniform allocation (no knowledge of the wireless channel) and optimal allocation for maximization of the secrecy rate (with partial knowledge of the wireless channel). Our experiments show that BeamSec outperforms the benchmark schemes against single and colluding eavesdroppers and enhances the secrecy rate by 79.8\% over a random paths selection benchmark.

The rapid growth of communication networks, coupled with the increasing complexity of cyber threats, necessitates the implementation of proactive measures to protect networks and systems. In this study, we introduce a federated learning-based approach for cyber threat hunting at the endpoint level. The proposed method utilizes the collective intelligence of multiple devices to effectively and confidentially detect attacks on individual machines. A security assessment tool is also developed to emulate the behavior of adversary groups and Advanced Persistent Threat (APT) actors in the network. This tool provides network security experts with the ability to assess their network environment s resilience and aids in generating authentic data derived from diverse threats for use in subsequent stages of the federated learning (FL) model. The results of the experiments demonstrate that the proposed model effectively detects cyber threats on the devices while safeguarding privacy.

Intelligent security system is an important part of intelligent site construction, which directly affects the life safety of operators and the level of engineering supervision. Traditional security communication systems for construction, mineral mining and other fields have problems such as small network coverage, low capacity, short terminal life and relatively simple function. According to the application scenarios and business requirements of intelligent security system, this paper uses LoRa AD-hoc networking technology to carry out the network architecture research and key technology design of intelligent security AD-hoc networking system. Further, the detailed design of the embedded software of the system terminal and gateway is completed, and the functions of physical sign monitoring, danger warning and terminal positioning are realized.

Low probability of detection (LPD) has recently emerged as a means to enhance the privacy and security of wireless networks. Unlike existing wireless security techniques, LPD measures aim to conceal the entire existence of wireless communication instead of safeguarding the information transmitted from users. Motivated by LPD communication, in this paper, we study a privacy-preserving and distributed framework based on graph neural networks to minimise the detectability of a wireless ad-hoc network as a whole and predict an optimal communication region for each node in the wireless network, allowing them to communicate while remaining undetected from external actors. We also demonstrate the effectiveness of the proposed method in terms of two performance measures, i.e., mean absolute error and median absolute error.

Vehicular Ad Hoc Networks (VANETs) have the capability of swapping every node of every individual while driving and traveling on the roadside. The VANET-connected vehicle can send and receive data such as requests for emergency assistance, current traffic conditions, etc. VANET assistance with a vehicle for communication purposes is desperately needed. The routing method has the characteristics of safe routing to repair the trust-based features on a specific node.When malicious activity is uncovered, intrusion detection systems (IDS) are crucial tools for mitigating the damage. Collaborations between vehicles in a VANET enhance detection precision by spreading information about interactions across their nodes. This makes the machine learning distribution system feasible, scalable, and usable for creating VANET-based cooperative detection techniques. Privacy considerations are a major impediment to collaborative learning due to the data flow between nodes. A malicious node can get private details about other nodes by observing them. This study proposes a cooperative IDS for VANETs that safeguards the data generated by machine learning. In the intrusion detection phase, the selected optimal characteristics is used to detect network intrusion via a hybrid Deep Neural Network and Bidirectional Long Short-Term Memory approach. The Trust-based routing protocol then performs the intrusion prevention process, stopping the hostile node by having it select the most efficient routing path possible.

Named Data Networking (NDN) has been considered a promising network architecture for Vehicular Ad Hoc Networks (VANETs), what became known as Vehicular Named-Data Networking (VNDN). This new paradigm brings the potential to improve Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) that are inefficient in urban intelligent transport scenarios. Despite the advantages, VNDN brings inherent problems, such as the routing interest packages on NDN, which causes serious problem in the vehicular environment. The broadcast storm attack results in a huge amount of packet loss, provoking transmission overload. In addition, the link disconnection caused by the highly dynamic topology leads to a low package delivery rate. In this article, we propose a strategy for forwarding packages of interest in VNDN networks, using fuzzy logic to mitigate the broadcast storm. The proposal also aims to avoid packet collision and efficient data recovery, which the approach is based on metrics such as the nodes distance, the link stability and the signal quality. The results show a reduction in the number of Interest and Data packets without disrupting network performance maintaining adequate Interest delays.

One of the popular networks highly used for creating various Adhoc network applications is Mobile Ad hoc Networks, which are vulnerable to various security attacks, one of which is the blackhole attack. One of the networks that come under MANET is the Vehicular Adhoc network. It uses multi-hop data transmission, which provides various pathways to malicious attacks. One of the attacks, non-identifiable easily, is a blackhole attack, a category of DoS attack. Earlier research methods provided different algorithms for identifying and detecting individual attacks or standard security methods. At the same time, the accuracy of malicious activity detection and elimination is not up to the mark. In which a malevolent node misleadingly publicizes itself as having the shortest path to a destination, causing other nodes to send their data to it, which the attacker discards. This paper proposes a genetic algorithm-based approach for detecting blackhole attacks in VANETs. Our approach uses a combination of network metrics, such as network throughput and end-to-end delay, and genetic algorithms to identify malicious nodes. The genetic algorithm is used to optimize the selection of network metrics and determine the weights given to each metric in the detection process. Simulation results show that our approach effectively detects blackhole attacks with high accuracy and low false positive rates.

At present, the application of wireless Ad hoc network in the field of mobile security inspection is in its infancy, and the network security protection means for the power industry are still insufficient, which is highlighted by the lack of efficient security authentication means for Ad hoc network, and it is difficult to completely eliminate security risks such as illegal terminal intrusion, data counterfeiting and tampering. A decentralized security authentication scheme suitable for Ad hoc network is designed, which can solve the security trust transfer problem on the variable network topology. Under any network route, the security trust is transferred to the proxy node step by step through multiple peer authentication, and the authentication chain is eUEblished between the digital intelligence edge proxy device, the proxy node and the node to be accessed. On the one hand, it can effectively solve the counterfeit problem of A-nodes and proxy nodes; on the other hand, it can greatly reduce the problem of reduced security authentication efficiency caused by deepening network hierarchy.

The new power system puts forward higher requirements for the communication interconnection of power equipment, especially in power areas that are difficult to cover by public networks and private power networks. As an efficient means, although building power communication ad hoc network has the advantages of low cost and flexibility, it puts forward higher requirements for the security of power ad hoc networks. This paper proposes a lightweight and secure access method for power WIFI to better meet the real-time requirements of power ad hoc networks. Based on the analysis of STA and AP flexible networking switching modes of WIFI ad hoc network system, this paper focuses on the security challenges of power WIFI ad hoc network system. Meanwhile, according to the environmental characteristics of the power ad hoc network, we simplify and improve the classic WIFI secure communication in three stages: Scanning, link authentication, and association, to improve lightweight and secure access to power WIFI. The secure access example of power ad hoc network of multiple nodes proves the effectiveness of the proposed method.

Information-Centric Networking (ICN) has emerged as a perfect match to support data-driven applications. Typically, ICN ensures data integrity and authenticity, by provisioning signed and verifiable data packets. Nonetheless, the ICN cryptography-based security scheme entails increased computational and communication cost, while also necessitates continuous connectivity to the infrastructure. We claim that this security approach requires supportive mechanisms to perform adequately in scenarios involving disruptive connectivity and short-term communication. In this paper, we investigate the applicability of two security approaches, namely the in-force cryptographybased approach and a ‘lighter’ reputation-based one, in ad hoc information-centric networks, and aim to identify the pros and cons of each solution. Our experiments rely on a scenario deemed appropriate for the particular research objective: we selected an ICN-based Flying Ad hoc Network (FANET). We assess the impact of intermittent connectivity, as well as, the associated computational and communication cost, and the dynamics of mobility. Our results demonstrate that the reputation-based approach allows for building trust relations in a fast and lightweight manner, but without requiring permanent connectivity to trusted third parties. Therefore, we argue that the standard ICN security system can be consolidated by integrating reputation-based trust as an essential complementary mechanism.

Unmanned aerial vehicles (UAVs) can be deployed and managed in a variety of applications with the help of flying ad hoc networks, or FANETs. However, the dynamically changing topology in FANET has raised significant challenges, mainly related to the insurance of security as a required service for the optimal performance of FANET networks. Blockchain technology has recently been used as an innovative solution to improve FANET security, due to its main characteristics such as transparency, decentralization, and tamper-proof nature. In this poster, we detail some current applications of Blockchain to secure FANET including military, surveillance, and Industry 4.0 services. Finally, we discuss some of the common issues associated with the application of Blockchain on FANET networks.