Cyber Physical Systems and Privacy 2015 |
The research work cited here looks at the Science of Security problem of Privacy in the context of cyber physical systems. The work was presented in 2015.
C. Konstantinou, M. Maniatakos, F. Saqib, S. Hu, J. Plusquellic and Y. Jin, “Cyber-Physical Systems: A Security Perspective,” Test Symposium (ETS), 2015 20th IEEE European, Cluj-Napoca, 2015, pp. 1-8. doi: 10.1109/ETS.2015.7138763
Abstract: A cyber-physical system (CPS) is a composition of independently interacting components, including computational elements, communications and control systems. Applications of CPS institute at different levels of integration, ranging from nation-wide power grids, to medium scale, such as the smart home, and small scale, e.g. ubiquitous health care systems including implantable medical devices. Cyber-physical systems primarily transmute how we interact with the physical world, with each system requiring different levels of security based on the sensitivity of the control system and the information it carries. Considering the remarkable progress in CPS technologies during recent years, advancement in security and trust measures is much needed to counter the security violations and privacy leakage of integration elements. This paper focuses on security and privacy concerns at different levels of the composition and presents system level solutions for ensuring the security and trust of modern cyber-physical systems.
Keywords: data privacy; security of data; CPS; communications; computational elements; control systems; cyber-physical system; integration elements; nation-wide power grids; privacy leakage; security measure; security violations; smart home; trust measure; ubiquitous health care systems; Computer crime; Guidelines; Medical services; Smart grids; Smart homes (ID#: 16-11003)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7138763&isnumber=7138715
L. Vegh and L. Miclea, “A Simple Scheme for Security and Access Control in Cyber-Physical Systems,” Control Systems and Computer Science (CSCS), 2015 20th International Conference on, Bucharest, 2015, pp. 294-299. doi: 10.1109/CSCS.2015.13
Abstract: In a time when technology changes continuously, where things you need today to run a certain system, might not be needed tomorrow anymore, security is a constant requirement. No matter what systems we have, or how we structure them, no matter what means of digital communication we use, we are always interested in aspects like security, safety, privacy. An example of the ever-advancing technology are cyber-physical systems. We propose a complex security architecture that integrates several consecrated methods such as cryptography, steganography and digital signatures. This architecture is designed to not only ensure security of communication by transforming data into secret code, it is also designed to control access to the system and detect and prevent cyber attacks.
Keywords: authorisation; cryptography; digital signatures; steganography; access control; cyber attacks; cyber-physical system; security architecture; security requirement; system security; Computer architecture; Digital signatures; Encryption; Public key; cyber-physical systems; multi-agent systems (ID#: 16-11004)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7168445&isnumber=7168393
L. Feng and B. McMillin, “Information Flow Quantification Framework for Cyber Physical System with Constrained Resources,” Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual, Taichung, 2015, pp. 50-59. doi: 10.1109/COMPSAC.2015.92
Abstract: In Cyber Physical Systems (CPSs), traditional security mechanisms such as cryptography and access control are not enough to ensure the security of the system. In a CPS, security is violated through complex interactions between the cyber and physical worlds, and, most insidiously, unintended information leakage through observable physical actions. Information flow analysis, which aims at controlling the way information flows among different entities, is better suited for CPSs. Information theory is widely used to quantify information leakage received by a program that produces a public output. Quantifying information leakage in CPSs can, however, be challenging due to implicit information flow between the cyber portion, the physical portion, and the outside world. This paper focuses on statistical methods to quantify information leakage in CPSs, especially, CPSs that allocate constrained resources. With aggregated physical observations, unintended information about the constrained resource might be leaked. The framework proposed is based on the advice tape concept of algorithmically quantifying information leakage and statistical analysis. An electric smart grid has been used as an example to develop confidence intervals of information leakage within a real CPS. The impact of this work is that it can be used as in algorithmic design to allocate electric power to nodes while maximizing the uncertainly of the information flow to an attacker.
Keywords: data privacy; security of data; statistical analysis; CPSs; access control; aggregated physical observations; confidence intervals; constrained resources; cryptography; cyber physical system; electric power allocation; electric smart grid; information flow quantification framework; information leakage; information theory; security mechanisms; statistical analysis; unintended information; Algorithm design and analysis; Complexity theory; Entropy; Security; Smart grids; Standards; Uncertainty; advice tape; confidence interval; information flow; quantify (ID#: 16-11005)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7273599&isnumber=7273573
Y. Zhou, S. Chen, Z. Mo and Q. Xiao, “Point-to-Point Traffic Volume Measurement through Variable-Length Bit Array Masking in Vehicular Cyber-Physical Systems,” Distributed Computing Systems (ICDCS), 2015 IEEE 35th International Conference on, Columbus, OH, 2015, pp. 51-60. doi: 10.1109/ICDCS.2015.14
Abstract: In this paper, we consider an important problem of privacy-preserving point-to-point traffic volume measurement in vehicular cyber physical systems (VCPS), whose focus is utilizing VCPS to enable automatic traffic data collection, and measuring point-to-point traffic volume while preserving the location privacy of all participating vehicles. The novel scheme that we propose tackles the efficiency, privacy, and accuracy problems encountered by previous solutions. Its applicability is demonstrated through both mathematical and numerical analysis. The simulation results also show its superior performance.
Keywords: data privacy; traffic engineering computing; vehicles; VCPS; automatic traffic data collection; location privacy; mathematical analysis; numerical analysis; privacy-preserving point-to-point traffic volume measurement; variable-length bit array masking; vehicular cyber-physical systems; Accuracy; Arrays; Privacy; Servers; Vehicles; Volume measurement (ID#: 16-11006)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164892&isnumber=7164877
I. Halcu, D. Nunes, V. Sgârciu and J. S. Silva, “New Mechanisms for Privacy in Human-in-the-Loop Cyber-Physical Systems,” Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), 2015 IEEE 8th International Conference on, Warsaw, 2015, pp. 418-423. doi: 10.1109/IDAACS.2015.7340770
Abstract: Nowadays, we witness a tremendous increase in systems that sense various facets of humans and their surrounding environments. In particular, the detection of human emotions can lead to emotionally-aware applications that use this information to help improving people's daily lives and offering new business opportunities. We address the issue of maintaining privacy for this type of applications. In this paper, we propose a general model that focuses on privacy-preserving mechanisms for a Human-in-the-loop emotionally-aware Cyber-Physical System (HiTLCPS). As a proof-of-concept, we also present an emotionally aware application that attempts to positively impact students' lives without compromising their privacy1.
Keywords: data privacy; emotion recognition; HiTLCPS; business opportunities; emotionally-aware applications; human emotions; human-in-the-loop emotionally-aware cyber-physical systems; privacy-preserving mechanisms; Context; Data privacy; Privacy; Security; Sensors; Smart phones; Social network services; Anonymity; Emotion detection; Human-in-the-loop; Privacy (ID#: 16-11007)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7340770&isnumber=7340677
S. Götz, I. Gerostathopoulos, F. Krikava, A. Shahzada and R. Spalazzese, “Adaptive Exchange of Distributed Partial Models@run.time for Highly Dynamic Systems,” Software Engineering for Adaptive and Self-Managing Systems (SEAMS), 2015 IEEE/ACM 10th International Symposium on, Florence, 2015, pp. 64-70. doi: 10.1109/SEAMS.2015.25
Abstract: Future software systems will be highly dynamic. We are already experiencing, for example, a world where Cyber-Physical Systems (CPSs) play a more and more crucial role. CPSs integrate computational, physical, and networking elements, they comprise a number of subsystems, or entities, that are connected and work together. The open and highly distributed nature of the resulting system gives rise to unanticipated runtime management issues such as the organization of subsystems and resource optimization. In this paper, we focus on the problem of knowledge sharing among cooperating entities of a highly distributed and self-adaptive CPS. Specifically, the research question we address is how to minimize the knowledge that needs to be shared among the entities of a CPS. If all entities share all their knowledge with each other, the performance, energy and memory consumption as well as privacy are unnecessarily negatively impacted. To reduce the amount of knowledge to share between CPS entities, we envision a role-based adaptive knowledge exchange technique working on partial runtime models, i.e., Models reflecting only part of the state of the CPS. Our approach supports two adaptation dimensions: the runtime type of knowledge and conditions over the knowledge. We illustrate the feasibility of our technique by discussing its realization based on two state-of-the-art approaches.
Keywords: distributed processing; knowledge management; optimisation; CPS; adaptive exchange; computational elements; cooperating entities; cyber-physical systems; distributed partial models@run.time; highly dynamic systems; knowledge sharing; networking elements; partial runtime models; physical elements; resource optimization; role-based adaptive knowledge exchange technique; software systems; Adaptation models; Cleaning; Collaboration; Object oriented modeling; Robot kinematics; Runtime; Cyber-Physical Systems; Model synchronization; Models@run.time (ID#: 16-11008)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7194658&isnumber=7194643
S. Unger and D. Timmermann, “DPWSec: Devices Profile for Web Services Security,” Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, Singapore, 2015, pp. 1-6. doi: 10.1109/ISSNIP.2015.7106961
Abstract: As cyber-physical systems (CPS) build a foundation for visions such as the Internet of Things (IoT) or Ambient Assisted Living (AAL), their communication security is crucial so they cannot be abused for invading our privacy and endangering our safety. In the past years many communication technologies have been introduced for critically resource-constrained devices such as simple sensors and actuators as found in CPS. However, many do not consider security at all or in a way that is not suitable for CPS. Also, the proposed solutions are not interoperable although this is considered a key factor for market acceptance. Instead of proposing yet another security scheme, we looked for an existing, time-proven solution that is widely accepted in a closely related domain as an interoperable security framework for resource-constrained devices. The candidate of our choice is the Web Services Security specification suite. We analysed its core concepts and isolated the parts suitable and necessary for embedded systems. In this paper we describe the methodology we developed and applied to derive the Devices Profile for Web Services Security (DPWSec). We discuss our findings by presenting the resulting architecture for message level security, authentication and authorization and the profile we developed as a subset of the original specifications. We demonstrate the feasibility of our results by discussing the proof-of-concept implementation of the developed profile and the security architecture.
Keywords: Internet; Internet of Things; Web services; ambient intelligence; assisted living; security of data; AAL; CPS; DPWSec; IoT; ambient assisted living; communication security; cyber-physical system; devices profile for Web services security; interoperable security framework; message level security; resource-constrained devices; Authentication; Authorization; Cryptography; Interoperability; Web services; Applied Cryptography; Cyber-Physical Systems (CPS); DPWS; Intelligent Environments; Internet of Things (IoT); Usability (ID#: 16-11009)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106961&isnumber=7106892
X. Li and T. Yang, “Signal Processing Oriented Approach for Big Data Privacy,” High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on, Daytona Beach Shores, FL, 2015, pp. 275-276. doi: 10.1109/HASE.2015.23
Abstract: This paper addresses the challenge of big data security by exploiting signal processing theories. We propose a new big data privacy protocol that scrambles data via artificial noise and secret transform matrices. The utility of the scrambled data is maintained, as demonstrated by a cyber-physical system application. We further outline the proof of the proposed protocol's privacy by considering the limitations of blind source separation and compressive sensing.
Keywords: Big Data; compressed sensing; data privacy; matrix algebra; security of data; Big Data privacy; Big Data security; artificial noise; blind source separation; compressive sensing; secret transform matrix; signal processing; Big data; Data privacy; Noise; Power demand; Protocols; Vectors; big data; cyber-physical systems; privacy (ID#: 16-11010)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7027443&isnumber=7027398
K. M. Alam, A. Sopena and A. E. Saddik, “Design and Development of a Cloud Based Cyber-Physical Architecture for the Internet-of-Things,” 2015 IEEE International Symposium on Multimedia (ISM), Miami, FL, USA, 2015, pp. 459-464. doi: 10.1109/ISM.2015.96
Abstract: Internet-of-Things (IoT) is considered as the next big disruptive technology field which main goal is to achieve social good by enabling collaboration among physical things or sensors. We present a cloud based cyber-physical architecture to leverage the Sensing as-a-Service (SenAS) model, where every physical thing is complemented by a cloud based twin cyber process. In this model, things can communicate using direct physical connections or through the cyber layer using peer-to-peer inter process communications. The proposed model offers simultaneous communication channels among groups of things by uniquely tagging each group with a relationship ID. An intelligent service layer ensures custom privacy and access rights management for the sensor owners. We also present the implementation details of an IoT platform and demonstrate its practicality by developing case study applications for the Internet-of-Vehicles (IoV) and the connected smart home.
Keywords: Ad hoc networks; Cloud computing; Intelligent sensors; Peer-to-peer computing; Vehicles; Wireless sensor networks; Connected Smart Home; Cyber-Physical Systems; Emulator; Internet-of-Things; Sensing-as-a-Service; Vehicular Ad-hoc Networks (ID#: 16-11011)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7442379&isnumber=7442255
B. McMillin, “Distributed Intelligence in the Electric Smart Grid,” Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual, Taichung, 2015, pp. 48-48. doi: 10.1109/COMPSAC.2015.338
Abstract: Cyber-physical systems are physical infrastructures with deeply embedded computation, As these systems move beyond traditional control and response into more sophisticated planning and interaction, particularly with human elements, the need for intelligent cyber-physical systems emerges. This talk uses advanced electric smart grid technology as an example of distributed intelligence in a cyber-physical system from the point of view of energy management, human interfaces, and security and privacy.
Keywords: power engineering computing; smart power grids; cyberphysical system; distributed intelligence; electric smart grid; energy management; human interface; Artificial intelligence; Conferences; Cyber-physical systems; Energy management; Privacy; Security; Smart grids; Human-Machine Interface; Security; Usability; physical (ID#: 16-11012)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7273597&isnumber=7273573
X. Liu, A. Doboli and F. Ye, “Optimized Local Control Strategy for Voice-Based Interaction-Tracking Badges for Social Applications,” Computer Design (ICCD), 2015 33rd IEEE International Conference on, New York, NY, 2015, pp. 688-695. doi: 10.1109/ICCD.2015.7357182
Abstract: This paper presents a method to design optimized local control strategies for Cyber-Physical Systems that produce reliable data models for social applications. Data models have different semantics and abstraction levels. The local control strategies manage ad-hoc nano-clouds of embedded computing and communication nodes (CCNs) used for data collection, modeling, and communication. Control strategies consider tradeoffs defined by the resource constraints of embedded CCNs (e.g., computing power, communication bandwidth, and energy), assurance requirements (e.g., robustness) of the models, and privacy of users. Experiments evaluate and demonstrate the effectiveness of the control strategies for nano-clouds composed of smart voice-based interaction-tracking badges.
Keywords: cyber-physical systems; data privacy; embedded systems; human computer interaction; social sciences computing; ubiquitous computing; CCN; ad-hoc nano-clouds; assurance requirements; embedded computing and communication nodes; optimized local control strategy; reliable data models; smart voice-based interaction-tracking badges; social applications; user privacy; Bandwidth; Computational modeling; Data acquisition; Data models; Data privacy; Privacy; Reliability (ID#: 16-11013)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357182&isnumber=7357071
J. Sliwa, “Statistical Challenges for Quality Assessment of Smart Medical Devices,” 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Krakow, 2015, pp. 380-385. doi: 10.1109/3PGCIC.2015.96
Abstract: Connected medicine, using smart (software based and networked) medical devices is frequently presented as the major disruptive trend in health care. Such devices will however be broadly used only if they are “prescribed” by the hospitals as a part of a therapy and are reimbursed by the insurances. For this we need the proof of their safety, medical efficacy and economic efficiency. Aside of obligatory clinical trials we need an extensive system of post-market surveillance, because: a medical device is a part of a complex cyber-physical system, with humans in the loop / the environment cannot be sufficiently defined / humans react differently to the therapy, they also behave differently / after every software upgrade the device is not the same as before In their operation such devices generate huge amounts of data that can be reused for such analysis. Technically oriented people believe it can be done using a Big Data Analytics system without a deeper understanding of the underlying processes. It is doubtful if such approach can deliver useful results. The main problems seem to be: unbalanced cohort / various patient groups with various preferences / multiple quality parameters (basic algorithm, signal propagation, battery, security & privacy, obtrusiveness, etc.) / multiple variants (operating modes, device settings) / variability of the device and of the environment. When we transform data into “actionable knowledge”, especially if the generated decisions influence human health, utmost care has to be applied. The goal of this paper is to present the complexity of the problem, warn against hasty, purely technical solutions, raise interest among specialists in health statistics and ignite an interdisciplinary cooperation to solve it.
Keywords: Big Data; computational complexity; cyber-physical systems; data analysis; medical computing; socio-economic effects; statistical analysis; actionable knowledge; big data analytics system; complex cyber-physical system; connected medicine; device variability; disruptive trend; economic efficiency; health care; health statistics; hospitals; human health; insurances; medical efficacy; multiple quality parameters; obligatory clinical trials; patient groups; post-market surveillance; problem complexity; quality assessment; smart medical devices; software upgrade; statistical challenges; technically oriented people; unbalanced cohort; Batteries; Biomedical imaging; Biomedical monitoring; Hospitals; Monitoring; Smart phones; Software; Evidence Based Medicine; Medical Statistics; Smart Medical Devices (ID#: 16-11014)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7424592&isnumber=7424499
X. Yin and S. Lafortune, “A New Approach for Synthesizing Opacity-Enforcing Supervisors for Partially-Observed Discrete-Event Systems,” 2015 American Control Conference (ACC), Chicago, IL, 2015, pp. 377-383. doi: 10.1109/ACC.2015.7170765
Abstract: Opacity is a confidentiality property for partially-observed discrete-event systems relevant to the analysis of security and privacy in cyber and cyber-physical systems. It captures the plausible deniability of the system's “secret” in the presence of an outside observer that is potentially malicious. In this paper, we consider the enforcement of opacity on systems modeled by finite-state automata. We assume that the given system is not opaque and the objective is to restrict its behavior by supervisory control in order to enforce opacity of its secret. We consider the general setting of supervisory control under partial observations where the controllable events need not all be observable. Our approach for the synthesis of an opacity enforcing supervisor is based on the construction of a new transition system that we call the “All Inclusive Controller for Opacity” (or AIC-O). The AIC-O is a finite bipartite transition system that embeds in its transition structure all valid opacity enforcing supervisors. We present an algorithm for the construction of the AIC-O and discuss its properties. We then develop a synthesis algorithm, based on the AIC-O, that constructs a “maximally permissive” opacity-enforcing supervisor. Our approach generalizes previous approaches in the literature for opacity enforcement by supervisory control.
Keywords: control system synthesis; discrete event systems; finite state machines; observers; AIC-O; all inclusive controller for opacity transition system; confidentiality property; cyber-physical systems; finite bipartite transition system; finite-state automata; opacity-enforcing supervisor synthesis algorithm; outside observer; partially-observed discrete-event systems; privacy analysis; security analysis; supervisory control; transition structure; Automata; Discrete-event systems;Games; Observers; Security; Supervisory control (ID#: 16-11015)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7170765&isnumber=7170700
P. Carmona, D. Nunes, D. Raposo, D. Silva, J. S. Silva and C. Herrera, “Happy Hour - Improving Mood with an Emotionally Aware Application,” Innovations for Community Services (I4CS), 2015 15th International Conference on, Nuremberg, 2015, pp. 1-7. doi: 10.1109/I4CS.2015.7294480
Abstract: Mobile sensing in Cyber-Physical Systems has been evolving proportionally with smartphones. In fact, we are witnessing a tremendous increase in systems that sense various facets of human beings and their surrounding environments. In particular, the detection of human emotions can lead to emotionally-aware applications that use this information to benefit people's daily lives. This work presents the implementation of a Human-in-the- loop emotionally-aware Cyber-Physical System that attempts to positively impact its user's mood through moderate walking exercise. Data from smartphone sensors, a smartshirt's electrocardiogram and weather information from a web API are processed through a machine learning algorithm to infer emotional states. When negative emotions are detected, the application timely suggests walking exercises, while providing real-time information regarding nearby points of interest. This information includes events, background music, attendance, agitation and general mood. In addition, the system also dynamically adapts privacy and networking configurations based on emotions. The sharing of the user's location on social networks and the device's networking interfaces are configured according to user-defined rules in order to reduce frustration and provide a better Quality of Experience.
Keywords: Internet; data privacy; electrocardiography; emotion recognition; learning (artificial intelligence); mobile computing; quality of experience; social networking (online); Web API; emotionally aware application; human emotion detection; human-in-the- loop emotionally-aware cyber-physical system; machine learning algorithm; mobile sensing; networking configurations; privacy configurations; quality of experience; smartphone sensors; smartphones; smartshirt electrocardiogram; social networks; weather information; Accuracy; Androids; Humanoid robots; Mood; Privacy; Sensors; Smart phones; Emotion Inference; Human-in-the-loop; Network Management; Smartphones (ID#: 16-11016)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7294480&isnumber=7294473
C. W. Axelrod, “Enforcing Security, Safety and Privacy for the Internet of Things,” Systems, Applications and Technology Conference (LISAT), 2015 IEEE Long Island, Farmingdale, NY, 2015, pp. 1-6. doi: 10.1109/LISAT.2015.7160214
Abstract: The connecting of physical units, such as thermostats, medical devices and self-driving vehicles, to the Internet is happening very quickly and will most likely continue to increase exponentially for some time to come. Valid concerns about security, safety and privacy do not appear to be hampering this rapid growth of the so-called Internet of Things (IoT). There have been many popular and technical publications by those in software engineering, cyber security and systems safety describing issues and proposing various “fixes.” In simple terms, they address the “why” and the “what” of IoT security, safety and privacy, but not the “how.” There are many cultural and economic reasons why security and privacy concerns are relegated to lower priorities. Also, when many systems are interconnected, the overall security, safety and privacy of the resulting systems of systems generally have not been fully considered and addressed. In order to arrive at an effective enforcement regime, we will examine the costs of implementing suitable security, safety and privacy and the economic consequences of failing to do so. We evaluated current business, professional and government structures and practices for achieving better IoT security, safety and privacy, and found them lacking. Consequently, we proposed a structure for ensuring that appropriate security, safety and privacy are built into systems from the outset. Within such a structure, enforcement can be achieved by incentives on one hand and penalties on the other. Determining the structures and rules necessary to optimize the mix of penalties and incentives is a major goal of this paper.
Keywords: Internet of Things; data privacy; security of data; IoT privacy; IoT safety; IoT security; cyber security; software engineering; Government; Privacy; Safety; Security; Software; Standards; Internet of Things (IoT); privacy; safety; security; software liability; system development lifecycle (SDLC); time to value; value hills; vulnerability marketplace (ID#: 16-11017)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7160214&isnumber=7160171
“Internet and Collaboration: Challenges and Research Directions,” 2015 IEEE Conference on Collaboration and Internet Computing (CIC), Hangzhou, China, 2015, pp. xxiv-xxiv. doi: 10.1109/CIC.2015.50
Abstract: Summary form only given, as follows. Internet has become the ubiquitous fabric that enabled the growth of infrastructures, applications, and technologies that significantly enhance global interactions and collaborations with significant and increasing impact on society. Unprecedented cyber-social and cyber-physical infrastructures, systems, and applications that span geographic boundaries are becoming reality. Technology has evolved from standalone tools to open systems supporting collaboration in multi-organizational settings, and from general purpose tools to specialized collaboration platforms. Increasingly, individuals and organizations have relied on Internet-enabled collaboration between distributed teams of humans, computer applications, or autonomous robots to achieve higher productivity and produce collaboratively developed products that would have been infeasible just a few years ago. This panel will explore and debate on the challenges and research directions related to Collaboration and Internet computing areas. Some key issues that will be discussed in this panel are, but not limited to: (1) What are new key challenges in systems, applications and networking areas related to CIC? Are there specific limitations in these areas that need a fundamental redesign? (2) How are the global safety, security and privacy issues reshaping within the context of the CIC area? (3) What are potential transformative, killer applications that CIC can enable and what are the challenges towards achieving them? A record of the panel discussion was not made available for publication as part of the conference proceedings.
Keywords: Collaboration; Computer applications; Internet; Open systems (ID#: 16-11018)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7423058&isnumber=7423045
S. Subhani, M. Gibescu and W. L. Kling, “Autonomous Control of Distributed Energy Resources via Wireless Machine-to-Machine Communication; a Survey of Big Data Challenges,” Environment and Electrical Engineering (EEEIC), 2015 IEEE 15th International Conference on, Rome, 2015, pp. 1437-1442. doi: 10.1109/EEEIC.2015.7165381
Abstract: It is anticipated that the growing number of distributed energy resources and other cyber physical components of smart grids will make the management of the distribution grid more complex. In this survey paper, four discernible challenges related to big data and the enablement of autonomous grid operation are investigated: (1) the technical readiness level of cloud computing services, (2) limitations of wireless telecommunication technology, (3) smart meter related privacy issues and (4) the intrinsic uncertainty in data analytics. The investigated challenges indicate that the current performance of cloud computing and wireless telecommunication technology do not readily enable autonomous decentralized secondary control of power systems. Moreover, technical and legislative solutions have to be developed to ensure consumer privacy, prior to applying data analytics on smart meter data.
Keywords: Big Data; cloud computing; control engineering computing; data analysis; decentralised control; power system control; power system management; radio networks; smart meters; smart power grids; Big Data; cloud computing service; cyber physical component; data analytics; distributed energy resource autonomous control; distribution grid management; power system autonomous decentralized secondary control; smart grid; smart meter; wireless machine-to-machine communication; Big data; Cloud computing; Smart grids; Smart meters; Wireless communication; Wireless sensor networks; big data analytic; distributed resource; privacy
(ID#: 16-11019)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7165381&isnumber=7165173
Y. Park, “Connected Smart Buildings, a New Way to Interact with Buildings,” Cloud Engineering (IC2E), 2015 IEEE International Conference on, Tempe, AZ, 2015, pp. 5-5. doi: 10.1109/IC2E.2015.57
Abstract: Summary form only given. Devices, people, information and software applications rarely live in isolation in modern building management. For example, networked sensors that monitor the performance of a chiller are common and collected data are delivered to building automation systems to optimize energy use. Detected possible failures are also handed to facility management staffs for repairs. Physical and cyber security services have to be incorporated to prevent improper access of not only HVAC (Heating, Ventilation, Air Conditioning) equipment but also control devices. Harmonizing these connected sensors, control devices, equipment and people is a key to provide more comfortable, safe and sustainable buildings. Nowadays, devices with embedded intelligences and communication capabilities can interact with people directly. Traditionally, few selected people (e.g., facility managers in building industry) have access and program the device with fixed operating schedule while a device has a very limited connectivity to an operating environment and context. Modern connected devices will learn and interact with users and other connected things. This would be a fundamental shift in ways in communication from unidirectional to bi-directional. A manufacturer will learn how their products and features are being accessed and utilized. An end user or a device on behalf of a user can interact and communicate with a service provider or a manufacturer without go though a distributer, almost real time basis. This will requires different business strategies and product development behaviors to serve connected customers' demands. Connected things produce enormous amount of data that result many questions and technical challenges in data management, analysis and associated services. In this talk, we will brief some of challenges that we have encountered In developing connected building solutions and services. More specifically, (1) semantic interoperability requirements among smart s- nsors, actuators, lighting, security and control and business applications, (2) engineering challenges in managing massively large time sensitive multi-media data in a cloud at global scale, and (3) security and privacy concerns are presented.
Keywords: HVAC; building management systems; intelligent sensors; actuators; building automation systems; building management; business strategy; chiller performance; connected smart buildings; control devices; cyber security services; data management; facility management staffs; heating-ventilation-air conditioning equipment; lighting; networked sensors; product development behaviors; service provider; smart sensors; time sensitive multimedia data; Building automation; Business; Conferences; Intelligent sensors; Security; Building Management; Cloud; Internet of Things (ID#: 16-11020)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7092892&isnumber=7092808
P. Volf, “NAS-Wide Simulation of Air Traffic with ATC Behavior Model,” 2015 Integrated Communication, Navigation, and Surveillance Conference (ICNS), Herndon, VA, USA, 2015, pp. 1-13. doi: 10.1109/ICNSURV.2015.7121322
Abstract: Agent Technology Center ▸ Size: 35 researchers, PhD/MSc students & CTU faculty members ▸ Objective: fundamental/applied research, empirical evaluation & tech transfer ▸ Core competences: » multiagent modeling and simulation » multiagent planning and coordination » multiagent data analysis » adversarial reasoning & game theory ▸ Application domains: » air traffic, ground transportation » cyber security, privacy, steganalysis » UAV robotics, ground robotics » physical security (maritime) ▸ AgentFly is a complex multi-agent system developed as a result of multiple research activities since 2006 ▸ Funded by the US Air Force, FAA (NextGen), US Army, ONR, Czech Government ▸Cooperation with other universities »Drexel (US, Philadelphia), Bradley (US, Peoria), Linkoping (Sweden), TU Dresden (Germany) ▸Industrial cooperation »NASA (US), BAE Systems (UK), SAAB (Sweden), CS SOFT (Czech), DSTO (DoD Australia).
Keywords: (not provided) (ID#: 16-11021)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7121322&isnumber=7121207
S. Moses, J. Mercado, A. Larson and D. Rowe, “Touch Interface and Keylogging Malware,” Innovations in Information Technology (IIT), 2015 11th International Conference on, Dubai, 2015, pp. 86-91. doi: 10.1109/INNOVATIONS.2015.7381520
Abstract: Software keyloggers have been used to spy on computer users to track activity or gather sensitive information for decades. Their primary focus has been to capture keystroke data from physical keyboards. However, since the release of Microsoft Windows 8 in 2012 touchscreen personal computers have become much more prevalent, introducing the use of on-screen keyboards which afford users an alternative keystroke input method. Smart cities are designed to enhance and improve the quality of life of city populations while reducing cost and resource consumption. As new technology is developed to create safe, renewable, and sustainable environments, we introduce additional risk that mission critical data and access credentials may be stolen via malicious keyloggers. In turn, cyber-attacks targeting critical infrastructure using this data could result in widespread catastrophic systems failure. In order to protect society in the age of smart-cities it is vital that security implications are considered as this technology is implemented. In this paper we investigate the capabilities of keyloggers to capture keystrokes from an on-screen (virtual) keyboard and demonstrate that different keyloggers respond very differently to on-screen keyboard input. We suggest a number of future studies that could be performed to further understand the security implications presented by on-screen keyboards to smart cities as they relate to keyloggers.
Keywords: invasive software; keyboards; touch sensitive screens; user interfaces; Microsoft Windows; cyber attacks; keylogging malware; keystroke input method; on-screen keyboards; software keyloggers; touch interface malware; virtual keyboard; Computers; Hardware; Keyboards; Malware; Operating systems; Malware; Privacy; Software Security (ID#: 16-11022)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381520&isnumber=7381480
A. Ouaddah, I. Bouij-Pasquier, A. Abou Elkalam and A. Ait Ouahman, “Security Analysis and Proposal of New Access Control Model in the Internet of Thing,” Electrical and Information Technologies (ICEIT), 2015 International Conference on, Marrakech, 2015, pp. 30-35. doi: 10.1109/EITech.2015.7162936
Abstract: The Internet of Things (IoT) represents a concept where the barriers between the real world and the cyber-world are progressively annihilated through the inclusion of everyday physical objects combined with an ability to provide smart services. These services are creating more opportunities but at the same time bringing new challenges in particular security and privacy concerns. To address this issue, an access control management system must be implemented. This work introduces a new access control framework for IoT environment, precisely the Web of Things (WoT) approach, called “SmartOrBAC” Based on the OrBAC model. SmartOrBAC puts the context aware concern in a first position and deals with the constrained resources environment complexity. To achieve these goals, a list of detailed IoT security requirements and needs is drawn up in order to establish the guidelines of the “SmartOrBAC”. Then, The OrBAC model is analyzed and extended, regarding these requirements, to specify local as well as collaboration access control rules; on the other hand, these security policies are enforced by applying web services mechanisms mainly the RESTFUL approach. Finaly the most important works that emphasize access control in IoT environment are discussed.
Keywords: Internet of Things; Web services; authorisation; ubiquitous computing; Internet of Thing; RESTFUL approach; SmartOrBAC; Web of Things; Web services; collaboration access control rules; context aware concern; cyber-world; new access control model; security analysis; Access control; Biomedical monitoring; Monitoring; Organizations; Scalability; Usability; OrBAC; access control model; internet of things; privacy; security policy; web of things (ID#: 16-11023)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7162936&isnumber=7162923
T. Veugen and Z. Erkin, “Content-Based Recommendations with Approximate Integer Division,” Acoustics, Speech and Signal Processing (ICASSP), 2015 IEEE International Conference on, South Brisbane, QLD, 2015, pp. 1802-1806. doi: 10.1109/ICASSP.2015.7178281
Abstract: Recommender systems have become a vital part of e-commerce and online media applications, since they increased the profit by generating personalized recommendations to the customers. As one of the techniques to generate recommendations, content-based algorithms offer items or products that are most similar to those previously purchased or consumed. These algorithms rely on user-generated content to compute accurate recommendations. Collecting and storing such data, which is considered to be privacy-sensitive, creates serious privacy risks for the customers. A number of threats to mention are: service providers could process the collected rating data for other purposes, sell them to third parties, or fail to provide adequate physical security. In this paper, we propose a cryptographic approach to protect the privacy of individuals in a recommender system. Our proposal is founded on homomorphic encryption, which is used to obscure the private rating information of the customers from the service provider. Our proposal explores basic and efficient cryptographic techniques to generate private recommendations using a server-client model, which neither relies on (trusted) third parties, nor requires interaction with peer users. The main strength of our contribution lies in providing a highly efficient division protocol which enables us to hide commercially sensitive similarity values, which was not the case in previous works.
Keywords: approximation theory; cryptography; electronic commerce; integer programming; recommender systems; approximate integer division; content based algorithms; content based recommendations; cryptographic approach; cryptographic techniques; e-commerce; homomorphic encryption; online media applications; personalized recommendations; recommender systems; serious privacy risks; server-client model; service providers; user generated content; Computational modeling; Protocols; Recommender systems; homomorphic encryption; privacy; secure division; secure multi-party computation (ID#: 16-11024)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7178281&isnumber=7177909
R. Dong, W. Krichene, A. M. Bayen and S. S. Sastry, “Differential Privacy of Populations in Routing Games,” 2015 54th IEEE Conference on Decision and Control (CDC), Osaka, 2015, pp. 2798-2803. doi: 10.1109/CDC.2015.7402640
Abstract: As our ground transportation infrastructure modernizes, the large amount of data being measured, transmitted, and stored motivates an analysis of the privacy aspect of these emerging cyber-physical technologies. In this paper, we consider privacy in the routing game, where the origins and destinations of drivers are considered private. This is motivated by the fact that this spatiotemporal information can easily be used as the basis for inferences for a person's activities. More specifically, we consider the differential privacy of the mapping from the amount of flow for each origin-destination pair to the traffic flow measurements on each link of a traffic network. We use a stochastic online learning framework for the population dynamics, which is known to converge to the Nash equilibrium of the routing game. We analyze the sensitivity of this process and provide theoretical guarantees on the convergence rates as well as differential privacy values for these models. We confirm these with simulations on a small example.
Keywords: convergence; data privacy; game theory; learning (artificial intelligence); security of data; stochastic processes; traffic information systems; transportation; Nash equilibrium; convergence rates; cyber-physical technology; differential privacy; driver destination; driver origin; ground transportation infrastructure modernization; person activity; population dynamics; privacy analysis; routing game; spatiotemporal information; stochastic online learning framework; traffic flow measurement; traffic network; Games; Privacy; Routing; Sociology; Statistics; Vehicles; Yttrium (ID#: 16-11025)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7402640&isnumber=7402066
P. Wang, A. Ali and W. Kelly, “Data Security and Threat Modeling for Smart City Infrastructure,” Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, Shanghai, 2015, pp. 1-6. doi: 10.1109/SSIC.2015.7245322
Abstract: Smart city opens up data with a wealth of information that brings innovation and connects government, industry and citizens. Cyber insecurity, on the other hand has raised concerns among data privacy and threats to smart city systems. In this paper, we look into security issues in smart city infrastructure from both technical and business operation perspectives and propose an approach to analyze threats and to improve data security of smart city systems. The assessment process takes hundreds of features into account. Data collected during the assessment stage are then imported into an algorithm that calculates the threat factor. Mitigation strategies are provided to help reducing risks of smart city systems from being hacked into and to protect data from being misused, stolen or identifiable. Study shows that the threat factor can be reduced significantly by following this approach. Experiments show that this comprehensive approach can reduce the risks of cyber intrusions to smart city systems. It can also deal with privacy concerns in this big data arena.
Keywords: Big Data; data protection; security of data; smart cities; big data; cyber insecurity; cyber intrusions; data privacy; data security; smart city infrastructure; threat modeling; Business; Encryption; Firewalls (computing); Malware; cyber physical; smart city (ID#: 16-11026)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245322&isnumber=7245317
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.