Measurement and Metrics Testing - FIPS 140-3 is the main standard defining security requirements for cryptographic modules in U.S. and Canada; commercially viable hardware modules generally need to be compliant with it. The scope of FIPS 140-3 will also expand to the new NIST Post-Quantum Cryptography (PQC) standards when migration from older RSA and Elliptic Curve cryptography begins. FIPS 140-3 mandates the testing of the effectiveness of “non-invasive attack mitigations”, or side-channel attack countermeasures. At higher security levels 3 and 4, the FIPS 140-3 side-channel testing methods and metrics are expected to be those of ISO 17825, which is based on the older Test Vector Leakage Assessment (TVLA) methodology. We discuss how to apply ISO 17825 to hardware modules that implement lattice-based PQC standards for public-key cryptography – Key Encapsulation Mechanisms (KEMs) and Digital Signatures. We find that simple “random key” vs. “fixed key” tests are unsatisfactory due to the close linkage between public and private components of PQC keypairs. While the general statistical testing approach and requirements can remain consistent with older public-key algorithms, a non-trivial challenge in creating ISO 17825 testing procedures for PQC is the careful design of test vector inputs so that only relevant Critical Security Parameter (CSP) leakage is captured in power, electromagnetic, and timing measurements.

Measurement and Metrics Testing - This paper belongs to a sequence of manuscripts that discuss generic and easy-to-apply security metrics for Strong PUFs. These metrics cannot and shall not fully replace in-depth machine learning (ML) studies in the security assessment of Strong PUF candidates. But they can complement the latter, serve in initial PUF complexity analyses, and are much easier and more efficient to apply: They do not require detailed knowledge of various ML methods, substantial computation times, or the availability of an internal parametric model of the studied PUF. Our metrics also can be standardized particularly easily. This avoids the sometimes inconclusive or contradictory findings of existing ML-based security test, which may result from the usage of different or non-optimized ML algorithms and hyperparameters, differing hardware resources, or varying numbers of challenge-response pairs in the training phase.

Measurement and Metrics Testing - Fuzz testing is an indispensable test-generation tool in software security. Fuzz testing uses automated directed randomness to explore a variety of execution paths in software, trying to expose defects such as buffer overflows. Since cyber-physical systems (CPS) are often safety-critical, testing models of CPS can also expose faults. However, while existing coverage-guided fuzz testing methods are effective for software, results can be disappointing when applied to CPS, where systems have continuous states and inputs are applied at different points in time.

Measurement and Metrics Testing - Nowadays, attackers are increasingly using UseAfter-Free(UAF) vulnerabilities to create threats against software security. Existing static approaches for UAF detection are capable of finding potential bugs in the large code base. In most cases, analysts perform manual inspections to verify whether the warnings detected by static analysis are real vulnerabilities. However, due to the complex constraints of constructing UAF vulnerability, it is very time and cost-intensive to screen all warnings. In fact, many warnings should be discarded before the manual inspection phase because they are almost impossible to get triggered in real-world, and it is often overlooked by current static analysis techniques.

Measurement and Metrics Testing - Software testing is one of the most critical and essential processes in the software development life cycle. It is the most significant aspect that affects product quality. Quality and service are critical success factors, particularly in the software business development market. As a result, enterprises must execute software testing and invest resources in it to ensure that their generated software products meet the needs and expectations of end-users. Test prioritization and evaluation are the key factors in determining the success of software testing. Test suit coverage metrics are commonly used to evaluate the testing process. Soft Computing techniques like Genetic Algorithms and Particle Swarm Optimization have gained prominence in various aspects of testing. This paper proposes an automated Genetic Algorithm approach to prioritizing the test cases and the evaluation through code coverage metrics with the Coverlet tool. Coverlet is a.NET code coverage tool that works across platforms and supports line, branch, and method coverage. Coverlet gathers data from Cobertura coverage test runs, which are then utilized to generate reports. Resultant test suits generated were validated and analyzed and have had significant improvement over the generations.

Measurement and Metrics Testing - Due to the increasing complexity of modern heterogeneous System-on-Chips (SoC) and the growing vulnerabilities, security risk assessment and quantification is required to measure the trustworthiness of a SoC. This paper describes a systematic approach to model the security risk of a system for malicious hardware attacks. The proposed method uses graph analysis to assess the impact of an attack and the Common Vulnerability Scoring System (CVSS) is used to quantify the security level of the system. To demonstrate the applicability of the proposed metric, we consider two open source SoC benchmarks with different architectures. The overall risk is calculated using the proposed metric by computing the exploitability and impact of attack on critical components of a SoC.

Measurement and Metrics Testing - We continue to tackle the problem of poorly defined security metrics by building on and improving our previous work on designing sound security metrics. We reformulate the previous method into a set of conditions that are clearer and more widely applicable for deriving sound security metrics. We also modify and enhance some concepts that led to an unforeseen weakness in the previous method that was subsequently found by users, thereby eliminating this weakness from the conditions. We present examples showing how the conditions can be used to obtain sound security metrics. To demonstrate the conditions’ versatility, we apply them to show that an aggregate security metric made up of sound security metrics is also sound. This is useful where the use of an aggregate measure may be preferred, to more easily understand the security of a system.

Measurement and Metrics Testing - Any type of engineered design requires metrics for trading off both desirable and undesirable properties. For integrated circuits, typical properties include circuit size, performance, power, etc., where for example, performance is a desirable property and power consumption is not. Security metrics, on the other hand, are extremely difficult to develop because there are active adversaries that intend to compromise the protected circuitry. This implies metric values may not be static quantities, but instead are measures that degrade depending on attack effectiveness. In order to deal with this dynamic aspect of a security metric, a general attack model is proposed that enables the effectiveness of various security approaches to be directly compared in the context of an attack. Here, we describe, define and demonstrate that the metrics presented are both meaningful and measurable.

MANET Security - The detection and maintenance of the pathway from the source to the destination or from one node to another node is the major role played by the nodes in the MANET. During their period, nodes arrive or leave the network, and endlessly modify their comparative location. The dynamic nature introduces several security issues. Secure routing protocol is a significant area for attaining better security in the network by keeping the routing protocols against attacks. Thus, this research work focuses on developing a secure routing protocol for MAN ET. Here, a dynamic anomaly detection scheme has proposed to detect against malicious attacks in the network. This scheme has been incorporated with AODV protocol to enhance the performance of AODV in disseminating packets to target node. In this research work Protected AODV (PAODV) is protocol is introduced to identify the false alarm node in the network and route path for reliable communication between the source to destination. Simulation results it shows the detection rate, Packet drop rate and delay is minimized compare to the existing technique.

MANET Security - Recently, the mobile ad hoc network (MANET) has enjoyed a great reputation thanks to its advantages such as: high performance, no expensive infrastructure to install, use of unlicensed frequency spectrum, and fast distribution of information around the transmitter. But the topology of MANETs attracts the attention of several attacks. Although authentication and encryption techniques can provide some protection, especially by minimizing the number of intrusions, such cryptographic techniques do not work effectively in the case of unseen or unknown attacks. In this case, the machine learning approach is successful to detect unfamiliar intrusive behavior. Security methodologies in MANETs mainly focus on eliminating malicious attacks, misbehaving nodes, and providing secure routing.

MANET Security - The current stady is confined in proposing a reputation based approach for detecting malicious activity where past activities of each node is recorded for future reference. It has been regarded that the Mobile ad-hoc network commonly called as (MANET) is stated as the critical wireless network on the mobile devices using self related assets. Security considered as the main challenge in MANET. Many existing work has done on the basis of detecting attacks by using various approaches like Intrusion Detection, Bait detection, Cooperative malicious detection and so on. In this paper some approaches for identifying malicious nodes has been discussed. But this Reputation based approach mainly focuses on sleuthing the critcal nodes on the trusted path than the shortest path. Each node will record the activity of its own like data received from and Transferred to information. As soon as a node update its activity it is verified and a trust factor is assigned. By comparing the assigned trust factor a list of suspicious or malicious node is created..

MANET Security - Remote correspondence innovations are assuming a critical part in the plan and execution of Mobile Ad hoc Network (MANET). The portrayal of MANET, for example, dynamism in geography, restricted transfer speed and power usage expands the unlicensed correspondence advancements and intricacies in existing conventions. This paper analyzes the current and not so distant future Wireless correspondence Technologies in the 2.4 GHz band. Additionally, this paper thinks about the features and limits of those advances lastly closes with the need for the improvement of reasonable brought together convention for existing and future remote advances. It has been considered that the overview and correlation introduced in this paper would help specialists and application engineers in choosing a fitting innovation for MANET administrations.

MANET Security - Mobile ad hoc networks can expand access networks service zones and offer wireless to previously unconnected or spotty areas. Ad hoc networking faces transmission failures limited wireless range, disguised terminal faults and packet losses, mobility-induced route alterations, and battery constraints. A network layer metric shows total network performance. Ad-hoc networking provides access networks, dynamic multi-hop architecture, and peer-to-peer communication. In MANET, each node acts as a router, determining the optimum route by travelling through other nodes. MANET includes dynamic topology, fast deployment, energy-restricted operation, and adjustable capacity and bandwidth. Dynamic MANET increases security vulnerabilities. Researchers have employed intrusion detection, routing, and other techniques to provide security solutions. Current technologies can t safeguard network nodes. In a hostile environment, network performance decreases as nodes increase. This paper presents a reliable and energy-efficient Firefly Energy Optimized Routing (IFEOR)-based routing method to maximise MANET data transmission energy. IFEOR measures MANET firefly light intensity to improve routing stability. The route path s energy consumption determines the firefly s brightness during MANET data packet transfer. Adopting IFEOR enhanced packet delivery rates and routing overheads. End-to-end delay isn t reduced since nodes in a route may be idle before sending a message. Unused nodes use energy.

MANET Security - Many systems have recently begun to examine blockchain qualities in order to create cooperation enforcement methods. This paper provides a complete aod extensive evaluation of work on multi-hop MANETs with blockchain-based trust control between nodes. We contextualize tbe snag of security in MANETs resulting from the lack of trust between the participating nodes. We present tbe blockchain concepts aod discuss tbe limitation of tbe current blockchain in MANETs. We review the promising proposed ideas in the state-of-the-art based on research papers. FinaUy, we discuss aod summarize strategies and chaUenges for further research.

Microelectronics Security - In this paper, we present research on the analysis of the design space for cybersecurity visualizations in VizSec. At the beginning of this research, we analyzed 17 survey papers in the field of cybersecurity visualization. Based on the analysis of the focus areas in each of these survey papers, we identified five key components of visualization design, i.e. Input Data, Security Tasks, Visual Encoding, Interactivity, and Evaluation. To show how research papers align with these components, we analyzed 60 papers published at the IEEE Symposium on Visualization for Cyber Security (VizSec) between 2016 and 2021 in the context of the five identified components. As a result, each research paper was classified into several categories derived from the selected components of the visualization design. Our contributions are: (i) an analysis of the focus areas in survey papers on cybersecurity visualization and (ii) the classification of 60 research papers in the context of the selected components of the visualization design. Finally, we highlighted the main findings of the analysis and drew conclusions.

Microelectronics Security - A mail spoofing attack is a harmful activity that modifies the source of the mail and trick users into believing that the message originated from a trusted sender whereas the actual sender is the attacker. Based on the previous work, this paper analyzes the transmission process of an email. Our work identifies new attacks suitable for bypassing SPF, DMARC, and Mail User Agent’s protection mechanisms. We can forge much more realistic emails to penetrate the famous mail service provider like Tencent by conducting the attack. By completing a large-scale experiment on these well-known mail service providers, we find some of them are affected by the related vulnerabilities. Some of the bypass methods are different from previous work. Our work found that this potential security problem can only be effectively protected when all email service providers have a standard view of security and can configure appropriate security policies for each email delivery node. In addition, we also propose a mitigate method to defend against these attacks. We hope our work can draw the attention of email service providers and users and effectively reduce the potential risk of phishing email attacks on them.

Microelectronics Security - The boundaries between the real world and the virtual world are going to be blurred by Metaverse. It is transforming every aspect of humans to seamlessly transition from one virtual world to another. It is connecting the real world with the digital world by integrating emerging tech like 5G, 3d reconstruction, IoT, Artificial intelligence, digital twin, augmented reality (AR), and virtual reality (VR). Metaverse platforms inherit many security \& privacy issues from underlying technologies, and this might impede their wider adoption. Emerging tech is easy to target for cybercriminals as security posture is in its infancy. This work elaborates on current and potential security, and privacy risks in the metaverse and put forth proposals and recommendations to build a trusted ecosystem in a holistic manner.

Microelectronics Security - The need for safe large data storage services is at an all-time high and confidentiality is a fundamental need of any service. Consideration must also be given to service customer anonymity, one of the most important privacy considerations. As a result, the service should offer realistic and fine-grained [11] encrypted data sharing, which allows a data owner to share a cipher text of data with others under certain situations. In order to accomplish the aforesaid characteristics, our system offers a novel privacy- preserving cipher text multi-sharing technique. In this way, proxy re-encryption and anonymity are combined to allow many receivers to safely and conditionally receive a cipher text while maintaining the confidentiality of the underlying message and the identities of the senders and recipients. In this paper, a logical cloud security scheme is introduced called Modified Data Cipher Policies (MDCP), in which it is a new primitive also protects against known cipher text attacks, as demonstrated by the system.

Microelectronics Security - In recent years, information and communication systems have experienced serious security issues due to the rising popularity of image-sharing platforms and the ubiquity of numerous smart electronic devices. The increased volume of data generated by the medical and clinical communities necessitates the use of such advanced platforms for data exchange. As a result, the implementation of improved procedures and resources in terms of storage and security is essential. This research proposes a novel medical image encryption method based on chaos sequence and the modified Twofish algorithm. A quick and more efficient algorithm than current methods is built using chaos-based image encryption methods. The modified algorithm can be applied for hardware applications.

Microelectronics Security - By analyzing the current research status at home and abroad, researching and analyzing the system requirements, we develops and designs an environmental and security system based on NB-IoT and ZigBee protocols, so that the sensor data collected on the device side can realize realtime data monitoring and home environment safety alarm on the open-source control platform and user terminal. Finally, we test and demonstrate the system and summarize the results and future prospects.

Microelectronics Security - In practice, different styles of side channel attacks can utilize the leakages of a crypto device to recover the used secret key, which can pose a serious threat on the physical security of a crypto device. Among different styles of side channel attacks, template attack can be information theoretically the strongest attack style. However, numerical problems can seriously influence the key-recovery efficiency of template attack in practice, which can make template attack useless in practice. In light of this, the variance analysis based distinguisher is proposed for template attack. Compared with the classical template attack, variance analysis based template attack can reduce the computational complexity of template attack from O(d3) to O(d), where d denotes the number of interesting points. Besides, numerical problems do not exist anymore. Therefore, a large number of interesting points can be chosen to enlarge the leakage exploitation and accordingly optimize the key-recovery efficiency of template attack. The key-recovery efficiency of variance analysis based template attack is evaluated in both simulated and real scenarios, and the evaluation results show that compared with the classical template attack, variance analysis based template attack can maintain a high key-recovery efficiency while significantly decrease the number of traces that should be used in the profiling phase of template attack.

Microelectronics Security - In this paper, we propose a Chaotic Probability Constellation Shaping (CPCS) method in Free-Space Optical (FSO) communication to enhance security and improve the performance of the transmission data. Gather as many points as possible in the middle via chaotic controlling. The influence of turbulence on the signal transmission can be attenuated to the minimum. In the simulation, a ratio of 56Gb/s 16-QAM signal is transmitted 1-km space channel with an attenuation index of 10dB/km. The CPCS technique can improve almost 0.5 dB optical signal noise ratio (OSNR) performance @10-3 BER than that of the related original signal. Simulation results indicate that the proposed method not only enhances the security but also improves the BER performance.

Microelectronics Security - With the increasing improvement of network security technology, network security management is forming a closedloop process of transitioning from post-fire fighting to prechecking, real-time monitoring and protection, and postdisposal reinforcement. This paper introduces a new system based on network asset risk assessment and network asset security protection, which is capable of detecting unrepaired security vulnerabilities in network assets and monitoring users’ assets for compliance, and notifying them if there are problems, and also has SYSLOG asset upload technology for uploading asset changes.

Microelectronics Security - Web application security is the most important area when it comes to developing a web application. Many web applications having vulnerabilities due to poor implementation of security measures. These web applications will be deployed without fixing the vulnerabilities thus becomes vulnerable to many cyber-attacks. Simple attacks like brute-force and NoSQL injection could give unauthorized access to the user accounts. This leads to user privacy issues which could create huge loss to the organizations. These vulnerabilities can be fixed by implementing the necessary security measures while developing the web application. OWASP (Open Web Application Security Project) is a non-profit organization which gives the severity, impact and prevention methods about Top 10 vulnerabilities in web applications. This research deals with the implementation of bestsecurity practices for Node.js web applications in detail. This research paper proposes the security mechanisms for attacks related to front-end, middleware and backend web development using OWASP suggestions. The main focus of this research paper is on prevention of Denial-of-service attack, Brute force attack, NoSQL injection attack and Unrestricted file upload vulnerability.The proposed prevention methods are implemented in a web application to test the defensive mechanisms against the mentionedvulnerabilities.

Malware Classification - With the rapid development of technology and the increase in the use of Android software, the number of malware has also increased. This study presents a classification as malware/goodware with the features of 4465 Android applications. Cost is an important problem for the increasing number of applications and the analyzes to be made on each application. This study focused on this problem with the hybrid use of Gray Wolf Optimization Algorithm (GWO) and Deep Neural Networks (DNN). With the use of GWO, both feature selection and the features of the model to be created with DNN are determined. In this way, an approximate solution proposal is presented for the most suitable features and the most suitable model design. The model, which was created with the use of GWO-DNN hybrid in this study, offers an F1 score of 99.74%.