The growth of Electric Vehicles (EVs), coupled with the deployment of large-scale extreme fast charging stations (XFCSs), has increased the attack surface for EV ecosystems. To secure such critical cyber-physical systems (CPSs), it is imperative for the system defenders to perform an in-depth analysis of potential attack vectors, evaluate possible countermeasures, and analyze attack-defense scenarios quantitatively to implement a defense strategy that will provide maximum utilization of their limited resources. Therefore, a systematic framework is essential, relying on modeling tools that security experts are familiar with. In this paper, we propose a comprehensive methodology for enabling the defender to perform a high-level attack surface analysis of an XFCS and determine the defense strategy with the highest utility value. We apply STRIDE threat modeling and attack defense tree (ADT) to enumerate realizable attack paths and identify possible defense measures. We then employ analytic hierarchy process (AHP) as a multi-criteria decisionmaking algorithm to obtain the highest utility strategy for the defender to adopt. The proposed methodology is validated by demonstrating its real-world feasibility through a case study, using sample attack paths for an XFCS.
Authored by Souradeep Bhattacharya, Manimaran Govindarasu, Mansi Girdhar, Junho Hong
Online loan is viewed as an alternative to banking but easier and provide direct connection between public and loan offerer. However, online security threats and scam are undermining the quality of online loan. This study aims to determine how the public views their privacy while using online loan applications, perceived risk, perceived security, and qualities on intention to apply online loan. In order to examine the intention, a quantitative survey method was adopted and survey questionnaire was sent to the public who had experienced and apply for online loan applications. 153 responses were received and analysed using IBM SPSS version 28 for demographic analysis and SmartPLS 4 for model and structural measurements. Results show that perceived security, service quality and system quality were not critical to the respondents when choosing online loan applications while perceived risk, information sharing, and privacy concern were critical. This study shows that general public believed that security and quality are part of the package when organization offered a product or service. Interestingly, while privacy, risk, and information are important, public felt that it is the duty of organization to take care of their interests. Future research should look into behavioural aspects of public risk, information sharing, and privacy concern to understand in-depth.
Authored by Natanael Kurniawan, Jacques, Muammar Tohepaly, Anderes Gui, Muhammad Shaharudin, Yuvaraj Ganesan
The escalating visibility of secure direct object reference (IDOR) vulnerabilities in API security, as indicated in ⁠ the compilation of OWASP Top 10 API Security Risks, highlights a noteworthy peril to sensitive data. This study explores IDOR vulnerabilities found within Android APIs, intending to clarify their inception while evaluating their implications for application security. This study combined the qualitative and quantitative approaches. Insights were obtained from an actual penetration test on an Android app into the ⁠ primary reasons for IDOR vulnerabilities, underscoring insufficient input validation and weak authorization methods. We stress the frequent occurrence of IDOR vulnerabilities in the OWASP Top 10 API ⁠ vulnerability list, highlighting the necessity to prioritize them in security evaluations. There are mitigation recommendations available for developers, which recognize its limitations involving a possibly small and homogeneous selection ⁠ of tested Android applications, the testing environment that could cause some inaccuracies, and the impact of time constraints. Additionally, the study noted insufficient threat modeling and root ⁠ cause analysis, affecting its generalizability and real-world relevance. However, comprehending and controlling IDOR dangers can enhance Android API ⁠ security, protect user data, and bolster application resilience.
Authored by Semi Yulianto, Roni Abdullah, Benfano Soewito
Risk assessors and managers face many difficult challenges related to the new network system. These challenges include the continuous changes in the nature of network systems caused by technological progress, their distribution in the fields of physics, information and social cognition, and the complex network structure that usually includes thousands of nodes. Here, we review the probability and risk-based decision technology applied to network systems, and conclude that the existing methods can not solve all the components of the risk assessment triad (threat, vulnerability, consequence), and lack the ability to integrate across multiple areas of network systems, thus providing guidance for enhancing network security. We propose a cloud native security chain architecture and network topology reconstruction technology link based on the full link of microservices. The network security performance is quantified by multi-layer filtering mechanism and setting different fitness index functions. The method proposed in this paper solves the problems of packet loss, load balancing and distributed delay of network security mechanism in the global network to a certain extent.
Authored by Shuo Sheng, Kun Che, Ang Mi, Xiaobo Wan
Package registries host reusable code assets, allowing developers to share and reuse packages easily, thus accelerating the software development process. Current software registry ecosystems involve multiple independent stakeholders for package management. Unfortunately, abnormal behavior and information inconsistency inevitably exist, enabling adversaries to conduct malicious activities with minimal effort covertly. In this paper, we investigate potential security vulnerabilities in six popular software registry ecosystems. Through a systematic analysis of the official registries, corresponding registry mirrors and registry clients, we identify twelve potential attack vectors, with six of them disclosed for the first time, that can be exploited to distribute malicious code stealthily. Based on these security issues, we build an analysis framework, RScouter, to continuously monitor and uncover vulnerabilities in registry ecosystems. We then utilize RScouter to conduct a measurement study spanning one year over six registries and seventeen popular mirrors, scrutinizing over 4 million packages across 53 million package versions. Our quantitative analysis demonstrates that multiple threats exist in every ecosystem, and some have been exploited by attackers. We have duly reported the identified vulnerabilities to related stakeholders and received positive responses.
Authored by Yacong Gu, Lingyun Ying, Yingyuan Pu, Xiao Hu, Huajun Chai, Ruimin Wang, Xing Gao, Haixin Duan
Security system designers favor worst-case security metrics, such as those derived from differential privacy (DP), due to the strong guarantees they provide. On the downside, these guarantees result in a high penalty on the system’s performance. In this paper, we study Bayes security, a security metric inspired by the cryptographic advantage. Similarly to DP, Bayes security i) is independent of an adversary’s prior knowledge, ii) it captures the worst-case scenario for the two most vulnerable secrets (e.g., data records); and iii) it is easy to compose, facilitating security analyses. Additionally, Bayes security iv) can be consistently estimated in a black-box manner, contrary to DP, which is useful when a formal analysis is not feasible; and v) provides a better utility-security trade-off in high-security regimes because it quantifies the risk for a specific threat model as opposed to threat-agnostic metrics such as DP.
Authored by Konstantinos Chatzikokolakis, Giovanni Cherubin, Catuscia Palamidessi, Carmela Troncoso
This research aimed to examine the relationship between digital citizenship and information security achievements levels. For this purpose, the research was designed in the relational survey model within the scope of quantitative research. The sample of the research consists of teacher candidates studying at the Faculty of Education of Fırat University in the 2022-2023 academic year. To collect the research data, the Digital Citizenship Questionnaire and the Information Security Achievements Scale were used. At the end of the study, it was revealed that the digital citizenship levels of the teacher candidates were high, and the information security attainment levels related to threats and taking precautions were moderate. According to the gender variable, the digital citizenship levels of teacher candidates were found to be significantly higher in favor of females. Information security achievement levels differ significantly in favor of males according to the gender variable. It has been observed that as the information security achievements of the teacher candidates increase, the correct usage, health and social responsibility levels of digital citizenship tend to increase as well.
Authored by Songül Karabatak, Sevinç Ay, Murat Karabatak
In the digital era, web applications have become a prevalent tool for businesses. As the number of web applications continues to grow, they become enticing targets for malicious actors seeking to exploit potential security vulnerabilities. Organizations face constant risks associated with vulnerabilities in their web-based software systems, which can result in data breaches, service disruptions, and a loss of trust. Consequently, organizations require an effective and efficient approach to assess and analyze the security of acquired web-based software, ensuring sufficient confidence in its utilization. This research aims to enhance the quantitative evaluation and analysis of web application security through a model-based approach. We focus on integrating the Open Web Application Security Project s (OWASP) Application Security Verification Standard (ASVS) into a structured and analyzable metamodel. This model aims to effectively assess the security levels of web applications while offering valuable insights into their strengths and weaknesses. By combining the ASVS with a comprehensive framework, we aim to provide a robust methodology for evaluating and analyzing web application security.
Authored by Shao-Fang Wen, Basel Katt
Security still remains an afterthought in modern Electronic Design Automation (EDA) tools, which solely focus on enhancing performance and reducing the chip size. Typically, the security analysis is conducted by hand, leading to vulnerabilities in the design remaining unnoticed. Security-aware EDA tools assist the designer in the identification and removal of security threats while keeping performance and area in mind. Stateof-the-art approaches utilize information flow analysis to spot unintended information leakages in design structures. However, the classification of such threats is binary, resulting in negligible leakages being listed as well. A novel quantitative analysis allows the application of a metric to determine a numeric value for a leakage. Nonetheless, current approximations to quantify the leakage are still prone to overlooking leakages. The mathematical model 2D-QModel introduced in this work aims to overcome this shortcoming. Additionally, as previous work only includes a limited threat model, multiple threat models can be applied using the provided approach. Open-source benchmarks are used to show the capabilities of 2D-QModel to identify hardware Trojans in the design while ignoring insignificant leakages.
Authored by Lennart Reimann, Sarp Erdönmez, Dominik Sisejkovic, Rainer Leupers
Technology integration has enabled value-added services and quality-of-life enhancement in almost all aspects of modern life. In this paper, we present a UAV and low-cost Bluetooth low energy (BLE) tags-based location search system which enables a cart take-home service for shoppers of a supermarket in a model smart colony. The presented system has quality-of-life enhancement as well as carbon footprint reduction effects and can be integrated with the existing security and/or transport system of the model smart colony. Conducted field trials on location accuracy of the system are also presented, showing that carts left by residents outside the home can be located within 6.58m and carts taken inside homes or buildings can be located within 16.43m.
Authored by Rana Bilal, Zubair Akhter, Nawaf Alsahli, Muhammad Abdel-Aal, Atif Shamim
IoT-Based Smart Bag and Women Security System is an novel solution to address the raising problem of women s safety and offers protection to their personal belongings while providing real-time status updates. In recent days, women often face insecure situations in society. To overcome this, a safety-oriented method has been proposed. When the person is attacked by any of the strangers of thieves, the person can use the push button by which an alert notification is delivered to the registered smart phone number with the person’s location. Additionally, the bag is provided with a shock generator that can be used by women to defend themselves against attacks from strangers or theft people, which generates an electric shock of 550V. The bag is also assisted with a finger print detector is used for securing the zipper to avoid theft. An internal lighting system have been used which detects the intensity of light and automatically switches ON when the intensity is low for ease of locating items and a wireless charger for consumer’s convenience. This system utilizes components such as ESP32, a fingerprint sensor, and a GPS system helps tracing the exact location of the bag. The collected data can visualize through the Adafruit dashboard, that offers users a clear view of the bag s location, and ON and OFF status of LED and fingerprint sensor.
Authored by Ramesh R
Logistic transportation is the backbone of the supply chain. An uninterrupted transportation of any goods keeps the supply chain well balanced and thus helps the business as well as the economy. But in this current world, the transportation of goods is being harmed in many ways. One of those is theft, where the driver is also involved or not, but the thief steals the goods with or without breaking the seal. Both the supplying company and the client are affected by this. To reduce the problem, we are proposing a two-step security system. So that even if one system is deactivated somehow, the other system can be alerted, and necessary steps can be taken accordingly. By doing so, we can maintain a constant connection with the vehicle. Through this proposed project, the outer door seal of the cargo vehicle can be locked or unlocked, and the server can observe in real time whether any items inside are being stolen without opening the door. The security of logistics supply vehicles through the proposed paper will be more robust and beneficial to both the transport service provider and the service taker.
Authored by Thohidul Islam, Md. Qureshi, Hrishin Palit, Md. Sayeed
In today s world, security is a very important issue. People should always keep their belongings safe . To increase security, this research work proposes a IoT-based smart lockers with sensors and access keys with security, verification, and user-friendly tools. This model alerts the user when someone else tries to access their locker and quickly sends an alarm to the authorized user, and provides the option to either grant or reject access to the valid user. In this paper, smart locker is kept registered early to use a locker in the bank, office, home, etc. to ensure safety. The user demands to send an unlock direction with the help of microcontroller NUDE MCU ES P8266 and after accepting the command from the cloud (BLYNK APP), only the user can unlock the closet and access the valuables. This study has also introduced the encroachment detection in lockers with sensors and finally installed smart lockers with fire alarms for security and reliability.
Authored by Bhawna Khokher, Mamta Savadatti, Anish Kumar, T.V. Nikhil, Pranav Raj, Aditya Thakre
Advances in sensor and communication technologies have transformed traditional homes into smart homes, equipped with sensors and actuators for various functionalities like smart lighting, temperature control, irrigation, solar monitoring, entertainment, and security. This transition is powered by the Internet of Things (IoT) architecture, enabling smart home hubs to integrate and control devices with different communication protocols. However, this shift has also introduced new security and privacy issues in the Smart Home IoT (SH-IoT) environment. To address these challenges, new communication protocols with cryptographic features have been developed, and a unified standard called Matter has been created to promote interoperability among different device manufacturers. This paper presents a comprehensive survey of recent trends and advances in the smart home IoT landscape, focusing on communication protocols, their security issues and protection features against vulnerabilities in the SH-IoT environment.
Authored by Ismael Holguin, Sai Errapotu
In the last decade the rapid development of the communications and IoT systems have risen many challenges regarding the security of the devices that are handled wirelessly. Therefore, in this paper, we intend to test the possibility of spoofing the parameters for connection of the Bluetooth Low Energy (BLE) devices, to make several recommendations for increasing the security of the usage of those devices and to propose basic counter measurements regarding the possibility of hacking them.
Authored by Cristian Capotă, Mădălin Popescu, Simona Halunga, Octavian Fratu
With the advancement in Internet of things smart homes are rapidly developing. Smart home is the major key component of Internet of thing. With the help of IOT technology we can stay connected to our home appliance. Internet of Things is the Associations of inserted advancements that. Contained physical protests and is utilized to convey and keenness or collaborate with the internal states or the outer surroundings. Rather than individuals to individuals’ correspondence, IoT accentuation on machine-to-machine correspondence. Smart home connects the physical components of our home with the help of software and sensors so that we can access them via internet from one place. Building home automation includes computerizing a home, likewise, mentioned to as a sensible home or smart home. Domestic machines are an urgent part of the Web of Things whenever they are associated with the web. Controlled devices are commonly connected to a focal center or entryway through a domestic automation framework. A smartphone application, tablet PC, personal computer, wall-mounted terminals, or even a web interface that can be gotten to from off-website over the Web are completely utilized by the program to work the framework. Since all the devices are interconnected and interlinked to one an-another they are lot of chances for security breach and data theft. If the security layer is easily breakable any third-party attacker can easily theft the private data of the user. Which leads us to pay more attention to protecting and securing private data. With the day-to-day development of Smart Home, the safety also got to be developed and updated day to day the safety challenges of the IoT for a wise home scenario are encountered, and a comprehensive IoT security management for smart homes has been proposed. This paper acquaints the status of IoT development, and furthermore contains security issues challenges. Finally, this paper surveys the Gamble factor, security issues and challenges in every point of view.
Authored by S.R Anupriya, Muthumanikandan V
Multiple smart operations, similar as smart technologies in homes, smart metropolises, smart husbandry, and smart health and fitness centres, use a new technology known as the Internet of effects. They correspond of an multifariousness of multiple networked bias that link to multiple detectors and the internet. Among the layers that comprise an IoT armature are the perception subcaste, network subcaste, and operation subcaste. Due to their wide use, these smart biases have fairly minimum protection and are vulnerable to attacks. Comprehensive explanations of operation subcaste security issues and protocols, similar as Advance Message Queuing Protocol(AMQP) in application layer protocol, Constrained operation protocol( CoAP), and REST( Emblematic State Transport).
Authored by K Parvathy, B Nataraj
The Internet of Things (IoT) connects the physical world to the digital world, and wireless sensor networks (WSNs) play a significant role. There are billions of IoT products in the market. We found that security was not the primary focus of software developers. The first step of designing a secure product is to analyze and note down the security requirements. This research paper proposes a modified approach, incorporating elements from the SREP (Software Requirements Engineering Process) and SQUARE (Security Quality Requirement Engineering), to define security requirements for IoT products. The revised process is applied to determine the security requirements of a Smart Lock system that utilizes the publish/subscribe protocol MQTT-SN (Message Queuing Telemetry Transport for Sensor Networks) communication protocol architecture.
Authored by Hemant Gupta, Amiya Nayak
There will be a billion smart devices with processing, sensing, and actuation capabilities that can be connected to the Internet under the IoT paradigm. The level of convenience, effectiveness, and automation for consumers is expected to rise owing to promising IoT applications. Privacy is a significant concern in IoT systems, and it is essential to provide users with full awareness and control over the data collected by these systems. The use of privacy-enhancing technologies can help to minimise the risks associated with data collection and processing and ensure that user privacy is protected. Lack of standards for devices with limited resources and heterogeneous technologies intensifies the security issue. There are various emerging and existing technologies that can help to address the security risks in the IoT sector and achieve a high degree of trust in IoT applications. By implementing these technologies and countermeasures, it is possible to improve the security and reliability of IoT systems, ensuring that they can be used safely and effectively in a wide range of applications. This article’s intent is to provide a comprehensive investigation of the threats and risks in the IoT industry and to examine some potential countermeasures.
Authored by Jaspreet Singh, Gurpreet Singh, Shradha Negi
Intelligent environments rely heavily on the Internet of Things, which can be targeted by malicious attacks. Therefore, the autonomous capabilities of agents in intelligent health-care environments, and the agents’ characteristics (accuracy, reliability, efficiency and responsiveness), should be exploited to devise an autonomous intelligent agent that can safeguard the entire environment from malicious attacks. Hence, this paper contributes to achieving this aim by selecting the eight most valuable features out of 50 features from the adopted dataset using the Chi-squared test. Then, three wellknown machine learning classifiers (i.e. naive Bayes, random forest and logistic regression) are compared in classifying malicious attacks from non-attacks in an intelligent health-care environment. The highest achieved classification accuracy was for the random forest classifier (99.92\%).
Authored by Abdulkreem Alzahrani
In an environment where terrorist group actions are heavily predominate, the study introduces novel modeling tools that really are adept at controlling, coordinating, manipulating, detecting, and tracing drones. Modern humans now need to simulate their surroundings in order to boost their comfort and productivity at work. The ability to imitate a person s everyday work has undergone tremendous advancement. A simulation is a representation of how a system or process would work in the actual world.
Authored by Soumya V, S. Sujitha, Mohan R, Sharmi Kanaujia, Sanskriti Agarwalla, Shaik Sameer, Tabasum Manzoor
As vehicles increasingly embed digital systems, new security vulnerabilities are also being introduced. Computational constraints make it challenging to add security oversight layers on top of core vehicle systems, especially when the security layers rely on additional deep learning models for anomaly detection. To improve security-aware decision-making for autonomous vehicles (AV), this paper proposes a bi-level security framework. The first security level consists of a one-shot resource allocation game that enables a single vehicle to fend off an attacker by optimizing the configuration of its intrusion prevention system based on risk estimation. The second level relies on a reinforcement learning (RL) environment where an agent is responsible for forming and managing a platoon of vehicles on the fly while also dealing with a potential attacker. We solve the first problem using a minimax algorithm to identify optimal strategies for each player. Then, we train RL agents and analyze their performance in forming security-aware platoons. The trained agents demonstrate superior performance compared to our baseline strategies that do not consider security risk.
Authored by Dominic Phillips, Talal Halabi, Mohammad Zulkernine
In coalition military operations, secure and effective information sharing is vital to the success of the mission. Protected Core Networking (PCN) provides a way for allied nations to securely interconnect their networks to facilitate the sharing of data. PCN, and military networks in general, face unique security challenges. Heterogeneous links and devices are deployed in hostile environments, while motivated adversaries launch cyberattacks at ever-increasing pace, volume, and sophistication. Humans cannot defend these systems and networks, not only because the volume of cyber events is too great, but also because there are not enough cyber defenders situated at the tactical edge. Thus, autonomous, machine-speed cyber defense capabilities are needed to protect mission-critical information systems from cyberattacks and system failures. This paper discusses the motivation for adding autonomous cyber defense capabilities to PCN and outlines a path toward implementing these capabilities. We propose to leverage existing reference architectures, frameworks, and enabling technologies, in order to adapt autonomous cyber defense concepts to the PCN context. We highlight expected challenges of implementing autonomous cyber defense agents for PCN, including: defining the state space and action space that will be necessary for monitoring and for generating recovery plans; implementing a suite of models, sensors, actuators, and agents specific to the PCN context; and designing metrics and experiments to measure the efficacy of such a system.
Authored by Alexander Velazquez, Joseph Mathews, Roberto Lopes, Tracy Braun, Frederica Free-Nelson
This paper discusses the design and implementation of Autonomous Cyber Defense (ACD) agents for Protected Core Networking (PCN). Our solution includes two types of specialized, complementary agents placed in different parts of the network. One type of agent, ACD-Core, is deployed within the protected core segment of a particular nation and can monitor and act in the physical and IP layers. The other, ACDCC, is deployed within a colored cloud and can monitor and act in the transport and application layers. We analyze the threat landscape and identify possible uses and misuses of these agents. Our work is part of an ongoing collaboration between two NATO research task groups, IST-162 and IST-196. The goal of this collaboration is to detail the design and roadmap for implementing ACD agents for PCN and to create a virtual lab for related experimentation and validation. Our vision is that ACD will contribute to improving the cybersecurity of military networks, protecting them against evolving cyber threats, and ensuring connectivity at the tactical edge.
Authored by Alexander Velazquez, Roberto Lopes, Adrien Bécue, Johannes Loevenich, Paulo Rettore, Konrad Wrona
This paper highlights the progress toward securing teleoperating devices over the past ten years of active technology development. The relevance of this issue lies in the widespread development of teleoperating systems with a small number of systems allowed for operations. Anomalous behavior of the operating device, caused by a disruption in the normal functioning of the system modules, can be associated with remote attacks and exploitation of vulnerabilities, which can lead to fatal consequences. There are regulations and mandates from licensing agencies such as the US Food and Drug Administration (FDA) that place restrictions on the architecture and components of teleoperating systems. These requirements are also evolving to meet new cybersecurity threats. In particular, consumers and safety regulatory agencies are attracted by the threat of compromising hardware modules along with software insecurity. Recently, detailed security frameworks and protocols for teleoperating devices have appeared. However, a matter of intelligent autonomous controllers for analyzing anomalous and suspicious actions in the system remain unattended, as well as emergency protocols from the point of cybersecurity view. This work provides a new approach for the intraoperative cybersecurity of intelligent teleoperative surgical systems, taking into account modern requirements for implementing into the Surgical Remote Intelligent Robotic System LevshAI. The proposed principal security model allows a surgeon or autonomous agent to manage the operation process during various attacks.
Authored by Alexandra Bernadotte