Over the past decade, the number of cyber attack incidents targeting critical infrastructures such as the electrical power system has increased. To assess the risk of cyber attacks on the cyber-physical system, a holistic approach is needed that considers both system layers. However, the existing risk assessment methods are either qualitative in nature or employ probabilistic models to study the impact on only one system layer. Hence, in this work, we propose a quantitative risk assessment method for cyber-physical systems based on probabilistic and deterministic techniques. The former uses attack graphs to evaluate the attack likelihood, while the latter analyzes the potential cyber-physical impact. This is achieved through a dynamic cyber-physical power system model, i.e., digital twin, able to simulate power system cascading failures caused by cyber attacks. Additionally, we propose a domain-specific language to describe the assets of digital substations and thereby model the attack graphs. Using the proposed method, combined risk metrics are calculated that consider the likelihood and impact of cyber threat scenarios. The risk assessment is conducted using the IEEE 39-bus system, consisting of 27 user-defined digital substations. These substations serve as the backbone of the examined cyber system layer and as entry-points for the attackers. Results indicate that cyber attacks on specific substations can cause major cascading failures or even a blackout. Thereby, the proposed method identifies the most critical substations and assets that must be cyber secured.
Authored by Ioannis Semertzis, Vetrivel Rajkumar, Alexandru Ştefanov, Frank Fransen, Peter Palensky
Cybersecurity is largely based on the use of frameworks (ISO27k, NIST, etc.) which main objective is compliance with the standard. They do not, however, address the quantification of the risk deriving from a threat scenario. This paper proposes a methodology that, having evaluated the overall capability of the controls of an ISO27001 framework, allows to select those that mitigate a threat scenario and evaluate the risk according to a Cybersecurity Risk Quantification model.
Authored by Glauco Bertocchi, Alberto Piamonte
Cybersecurity risk analysis is crucial for orga-nizations to assess, identify, and prioritize possible threats to their systems and assets. Organizations aim to estimate the loss cost in case cybersecurity risks occur to decide the control actions they should invest in. Quantitative risk analysis aids organizations in making well-informed decisions about risk mitigation strategies and resource allocation. Therefore, organizations must use quantitative risk analysis methods to identify and prioritize risks rather than relying on qualitative methods. This paper proposes a spreadsheet-based quantitative risk analysis method based on verbal likelihoods. Our approach relies on tables constructed by experts that map between linguistic likelihood and possible probability ranges. Using linguistic terms to estimate the probability of risk occurrence will help experts apply quantitative estimation easily by using common language as input, thus eliminating the need to assign precise probabilities. We experimented with real examples to validate our approach s accuracy and reliability and compared our results with those obtained from another method. Also, we conducted tests to measure our model s performance and robustness. Our study showcases the effectiveness of our approach and demonstrates its potential for risk analysts to use it in real-world applications.
Authored by Karim Elhammady, Sebastian Fischmeister
In modern conditions, the relevance of the problem of assessing the information security risks for automated systems is increasing. Risk assessment is defined as a complex multi-stage task. Risk assessment requires prompt decision-making for effective information protection. To solve this problem, a method for automating risk assessment based on fuzzy cognitive maps is proposed. A fuzzy cognitive map is a model that can be represented as a directed graph in which concepts and connections between them have own weights. The automation process allows evaluate complex relationships between factors and threats, providing a more comprehensive risk assessment. The application of fuzzy cognitive maps proved to be an effective tool for automation, promptness, and quality in risk assessment.
Authored by Andrey Shaburov, Anna Ozhgibesova, Vsevolod Alekseev
Cyber security is a critical problem that causes data breaches, identity theft, and harm to millions of people and businesses. As technology evolves, new security threats emerge as a result of a dearth of cyber security specialists equipped with up-to-date information. It is hard for security firms to prevent cyber-attacks without the cooperation of senior professionals. However, by depending on artificial intelligence to combat cyber-attacks, the strain on specialists can be lessened. as the use of Artificial Intelligence (AI) can improve Machine Learning (ML) approaches that can mine data to detect the sources of cyberattacks or perhaps prevent them as an AI method, it enables and facilitates malware detection by utilizing data from prior cyber-attacks in a variety of methods, including behavior analysis, risk assessment, bot blocking, endpoint protection, and security task automation. However, deploying AI may present new threats, therefore cyber security experts must establish a balance between risk and benefit. While AI models can aid cybersecurity experts in making decisions and forming conclusions, they will never be able to make all cybersecurity decisions and judgments.
Authored by Safiya Alawadhi, Areej Zowayed, Hamad Abdulla, Moaiad Khder, Basel Ali
Anomaly detection is a challenge well-suited to machine learning and in the context of information security, the benefits of unsupervised solutions show significant promise. Recent attention to Graph Neural Networks (GNNs) has provided an innovative approach to learn from attributed graphs. Using a GNN encoder-decoder architecture, anomalous edges between nodes can be detected during the reconstruction phase. The aim of this research is to determine whether an unsupervised GNN model can detect anomalous network connections in a static, attributed network. Network logs were collected from four corporate networks and one artificial network using endpoint monitoring tools. A GNN-based anomaly detection system was designed and employed to score and rank anomalous connections between hosts. The model was validated against four realistic experimental scenarios against the four large corporate networks and the smaller artificial network environment. Although quantitative metrics were affected by factors including the scale of the network, qualitative assessments indicated that anomalies from all scenarios were detected. The false positives across each scenario indicate that this model in its current form is useful as an initial triage, though would require further improvement to become a performant detector. This research serves as a promising step for advancing this methodology in detecting anomalous network connections. Future work to improve results includes narrowing the scope of detection to specific threat types and a further focus on feature engineering and selection.
Authored by Charlie Grimshaw, Brian Lachine, Taylor Perkins, Emilie Coote
Cyberattacks, particularly those that take place in real time, will be able to target an increasing number of networked systems as more and more items connect to the Internet of items. While the system is operational, it is susceptible to intrusions that might have catastrophic consequences, such as the theft of sensitive information, the violation of personal privacy, or perhaps physical injury or even death. These outcomes are all possible while the system is operational. A mixed-methods research approach was required in order to fulfill the requirements for understanding the nature and scope of real-time assaults on IoT-powered cybersecurity infrastructure. The quantitative data that was utilized in this research came from an online survey of IoT security professionals as well as an analysis of publicly available information on IoT security incidents. For the purpose of gathering qualitative data, in-depth interviews with industry experts and specialists in the area of Internet of Things security were conducted. The authors provide a novel method for identifying cybersecurity flaws and breaches in cyber-physical systems, one that makes use of deep learning in conjunction with blockchain technology. This method has the potential to be quite useful. Their proposed technique compares and evaluates unsupervised and deep learning-based discriminative methods, in addition to introducing a generative adversarial network, in order to determine whether cyber threats are present in IICs networks that are powered by IoT. The results indicate an improvement in performance in terms of accuracy, reliability, and efficiency in recognizing all types of attacks. The dropout value was found to be 0.2, and the epoch value was set at 25.
Authored by Varsha Agarwal, Pooja Gupta
The escalating visibility of secure direct object reference (IDOR) vulnerabilities in API security, as indicated in the compilation of OWASP Top 10 API Security Risks, highlights a noteworthy peril to sensitive data. This study explores IDOR vulnerabilities found within Android APIs, intending to clarify their inception while evaluating their implications for application security. This study combined the qualitative and quantitative approaches. Insights were obtained from an actual penetration test on an Android app into the primary reasons for IDOR vulnerabilities, underscoring insufficient input validation and weak authorization methods. We stress the frequent occurrence of IDOR vulnerabilities in the OWASP Top 10 API vulnerability list, highlighting the necessity to prioritize them in security evaluations. There are mitigation recommendations available for developers, which recognize its limitations involving a possibly small and homogeneous selection of tested Android applications, the testing environment that could cause some inaccuracies, and the impact of time constraints. Additionally, the study noted insufficient threat modeling and root cause analysis, affecting its generalizability and real-world relevance. However, comprehending and controlling IDOR dangers can enhance Android API security, protect user data, and bolster application resilience.
Authored by Semi Yulianto, Roni Abdullah, Benfano Soewito
Over the past decade, the number of cyber attack incidents targeting critical infrastructures such as the electrical power system has increased. To assess the risk of cyber attacks on the cyber-physical system, a holistic approach is needed that considers both system layers. However, the existing risk assessment methods are either qualitative in nature or employ probabilistic models to study the impact on only one system layer. Hence, in this work, we propose a quantitative risk assessment method for cyber-physical systems based on probabilistic and deterministic techniques. The former uses attack graphs to evaluate the attack likelihood, while the latter analyzes the potential cyber-physical impact. This is achieved through a dynamic cyber-physical power system model, i.e., digital twin, able to simulate power system cascading failures caused by cyber attacks. Additionally, we propose a domain-specific language to describe the assets of digital substations and thereby model the attack graphs. Using the proposed method, combined risk metrics are calculated that consider the likelihood and impact of cyber threat scenarios. The risk assessment is conducted using the IEEE 39-bus system, consisting of 27 user-defined digital substations. These substations serve as the backbone of the examined cyber system layer and as entry-points for the attackers. Results indicate that cyber attacks on specific substations can cause major cascading failures or even a blackout. Thereby, the proposed method identifies the most critical substations and assets that must be cyber secured.
Authored by Ioannis Semertzis, Vetrivel Rajkumar, Alexandru Ştefanov, Frank Fransen, Peter Palensky
The Web of Things (IoT), which aids in the creation opportunities to meet various business requirements, support in improving company activities, create and interact with the customers for effective delivery of goods and services, has seen overall expansion and development fueled by the dynamic business environment. The utilization of IoT and similar solutions has expanded, raising concerns about security vulnerabilities and the crucial actions that management must take to safeguard data and improve operational efficiency. The study focuses more on analyzing the key elements of IoT technologies that an organization may utilize to protect itself from security threats and take the necessary countermeasures to achieve sustainable growth. Each kind of network intrusion is thought to be linked around one or more different architectural levels; as a result, suitable authenticity, confidentially, and validation need to be established for greater protection. SPSS is utilized in the study s qualitative research design to analyses the data and offer insight based on the findings.
Authored by Sachin Gupta, Gurvinder Singh
Cybersecurity risk analysis is crucial for orga-nizations to assess, identify, and prioritize possible threats to their systems and assets. Organizations aim to estimate the loss cost in case cybersecurity risks occur to decide the control actions they should invest in. Quantitative risk analysis aids organizations in making well-informed decisions about risk mitigation strategies and resource allocation. Therefore, organizations must use quantitative risk analysis methods to identify and prioritize risks rather than relying on qualitative methods. This paper proposes a spreadsheet-based quantitative risk analysis method based on verbal likelihoods. Our approach relies on tables constructed by experts that map between linguistic likelihood and possible probability ranges. Using linguistic terms to estimate the probability of risk occurrence will help experts apply quantitative estimation easily by using common language as input, thus eliminating the need to assign precise probabilities. We experimented with real examples to validate our approach s accuracy and reliability and compared our results with those obtained from another method. Also, we conducted tests to measure our model s performance and robustness. Our study showcases the effectiveness of our approach and demonstrates its potential for risk analysts to use it in real-world applications.
Authored by Karim Elhammady, Sebastian Fischmeister
Development of a Real-time Location Monitoring App with Emergency Alert Features for Android Devices
Smartphones have completely altered the mobile communication scene. Wi-Fi, global positioning system navigation, high-resolution cameras, and touchscreens with high-speed internet access are just some of the cutting-edge capabilities that these devices offer, allowing users to stay in constant contact with the present. Since many of these features are embedded deeply in the mobile operating system, they are typically inaccessible to the average user. However, Google released Android, a revolutionary operating system. Because of its open system architecture, this platform encourages third-party development and a debugging environment that users may change to create their own unique apps. In this research project, we examine the development of an Emergency Based Remote Collateral Tracking System app on the Android mobile platform from Google. There are three main forms of emergencies: those involving the heart, those involving personal safety, and those involving the roads. Users who own and operate motor vehicles are the primary focus of this app. Our program can keep tabs on the driver’s pulse by connecting to a heart rate monitor. Our application has a backup function in case of anomalies. First, it sends SMS messages containing the user’s location data after using GPS to do so.
Authored by Dankan Gowda V, Kdv Prasad, R Shekhar, Rachakonda Srinivas, Kale Srinivas, Prasanna Lakineni
These days, safety measures can t be neglected. In a world where digital risks are becoming more prevalent, efficient security has become an essential aspect of any system or business. Protecting valuables now requires a defensive strategy with several layers. Security systems play an important role in today s modern, industrialised society. The security system is primarily intended to address the need for the protection of hard-earned treasures (jewels). Unlike the current method, which uses physical locks that are readily falsified, this system uses Bluetooth and RFID tags in conjunction with digital (electronic) code locks to unlock the door automatically once the series of authentications is validated and emits alarm noises when any discrepancy happens. The ability of subsequent layers of defense to prevent intrusion is unaffected by the failure of an earlier one to provide detection. In this effort, we use IoT to design and build a fully automated security system that will operate with no more human intervention when it is put into place. In addition, the system s overall cost of adoption is far lower than that of any other consumer security solution now on the market.
Authored by Somya Prakash, Sabita Mali, Farida Ali
In today s world, security is a very important issue. People should always keep their belongings safe. To increase security, this research work proposes a IoT-based smart lockers with sensors and access keys with security, verification, and user-friendly tools. This model alerts the user when someone else tries to access their locker and quickly sends an alarm to the authorized user, and provides the option to either grant or reject access to the valid user. In this paper, smart locker is kept registered early to use a locker in the bank, office, home, etc. to ensure safety. The user demands to send an unlock direction with the help of microcontroller NUDE MCU ESP8266 and after accepting the command from the cloud (BLYNK APP), only the user can unlock the closet and access the valuables. This study has also introduced the encroachment detection in lockers with sensors and finally installed smart lockers with fire alarms for security and reliability.
Authored by Bhawna Khokher, Mamta Savadatti, Anish Kumar, T.V. Nikhil, Pranav Raj, Aditya Thakre
Electronic devices and appliances are increasingly becoming a quintessential part of every household with the recent development and innovations in the field of technology affecting the day-to-day lives of individuals. Automation has caught the fame as people struggle to keep up with the demands of work, making it an easy solution to operate devices and machines to meet the individual needs. The paper describes the creation and execution of an affordable, versatile, and safe home automation system that is controlled through a mobile phone. The system relies on an independent Arduino BT board, which is connected to home appliances via relays attached to its input/output ports. Wireless communication is used to connect the mobile phone and the Arduino BT board. The system is designed to be both economical and expandable, allowing for control of a range of devices with minimal changes to its basic structure. The focus of the paper is to explain how to manage and regulate electronic devices using Android smartphones. The paper also outlines a home automation system that prioritizes security and safeguards user privacy. This system is designed to be affordable and flexible, making it possible to control various devices with minimalchanges to its core structure. Additionally, the appliances in the system are protected by passwords to ensure that only authorized users can access them.
Authored by Priyanka Bhardwaj, Manidipa Roy, Sanjay Singh, Vanshika Jain, Mega Novita, Agus Mukhtar, Yuris Setyoadi
The increasing prevalence of cyber threats necessitates the exploration of cybersecurity challenges in sustainable operating systems. This research paper addresses these challenges by examining the dynamic landscape of cyber threats and the modifications required in operating systems to ensure robust security measures. Through the classification of these threats, the diverse nature of attacks faced by operating systems is revealed, highlighting the need for proactive security measures. Furthermore, the study investigates current cyber security solutions and prevention mechanisms employed to mitigate these threats. It also explores the modifications and challenges that operating systems must undergo in response to cybersecurity crimes, emphasizing the significance of proactive measures to address vulnerabilities exploited by cybercriminals.
Authored by Shadi bi, Samar Hendawi, Islam Altalahin, Muder Almiani, Ala Mughaid
Technology has improved, and smart locking systems have become more sophisticated. In this case, the android-based Smart System is primarily intended for multimode operations. Such a system is necessary in banks and businesses since it provides f u n c t i o n s that let users control locks. The implementation’s efficiency the system is incredibly helpful because of its functionality and user-friendly interface. Some homeowners aim to connect their home’s numerous home automation devices. Those connected to a Windows-based PC are the most popular home controllers. In our study, we introduced a form of smart technology that utilized Bluetooth while using a mobile smartphone. Consequently, using it will be simpler and more effective. Additionally, it supported the free and open-source Android and Arduino platforms. This paper proposes a door lock automation system that uses an Android smartphone with Bluetooth as the first piece of hardware. Following a description of the design and software development process, a Bluetooth-based Smartphone application for locking and unlocking doors is demonstrated. The task module acts as the agent in the hardware design for the door-lock system, the Arduino microcontroller serves as the controller and data processing hub, and the solenoid acts as the door lock output. The results of each test show that it is compatible with the original plan for this study.
Authored by B. Swathi, Aditya Kanoi, Harshvardhan Kumar, Jaiswal Sinha, Gana Gajjala
This paper focuses on the adoption of biometric and RFID security gadgets as innovative solutions for enhancing door lock systems. The traditional reliance on physical keys has proven vulnerable to security breaches, prompting the need for more robust measures. Biometric features such as Fingerprint, Voice and Bluetooth offer unparalleled security by leveraging unique biological characteristics for authentication. Additionally, integrating RFID technology enables convenient access control through assigned cards or tags, eliminating the need for physical keys or complex passwords. The combination of these cutting-edge solutions establishes a comprehensive security infrastructure, significantly reducing risks associated with conventional lock systems. This research highlights the benefits and applications of these technologies in various settings, emphasizing their role in creating a safer environment for individuals and organizations.
Authored by Sherly Alphonse, Chitranshu Gupta, Mohammad Warsi, Karmokar Shantu, Aryaman Tamotia
Every person must take precautions in the current pandemic crisis, such as wearing protective gear, keeping a safe distance, cleaning their hands, and avoiding touching anything unless absolutely essential. However, there is a potential of disease transmission while touching objects like tables, doors, cars, and other things. Therefore, this study has proposed a proposal to stop them; the project is based on automation, in which an automatic door closing and opening mechanism has been created once the voice command is given. In this scenario, when a proper voice command is provided, the mechanism is activated to open and close the door automatically. Hence that there is no direct human contact with the door, which will assist stop or slow the spread of pandemic disease. The developed Arduino-based module can automatically close and open the door. These devices produced a regulator for the input, which uses the Android s Bluetooth signal. Arduino-based Android customers may easily open and close the door with their phones by communicating via Bluetooth technology. Within range, Bluetooth Classic (BT) makes it possible to connect an Android device. You may open a door with a personalized audio message and operate it by speaking into modules. Here, everyone is using various modules, such as voice commands, to control various modules. When a voice command is provided, the door will open and close on its own.
Authored by C.Kanmani Pappa, N. Ashokkumar, P. Nagarajan, Kavitha Thandapani
The advancement of technology is challenging for designers of the security systems. When securing a property or different valuable items, it must be kept into account that often criminals are equipped with performant electric or electronic devices, constructed to disable security systems and to remove any trace of their activity. In consequence, reliable and fast responding security systems must be constructed. This paper proposes a design based on two different microcontrollers, both using Real Time Operating Systems, which has an increased capability to resist at attacks from intruders, and to warn the authorities as soon as a unauthorized access was detected in the secured space. This project is characterized by a low-cost implementation and an efficient operation, given that it is fast responding, and it contains two physically separated modules, making its disabling by intruders more difficult.
Authored by Iustin Constantin, Alexandru Dinu
In recent years, the advancement of sensor technologies has revolutionized the field of security systems, enabling more accurate and reliable monitoring solutions. Radar technology, known for its ability to operate effectively in various weather conditions and lighting environments, provides a distinct advantage in maintaining consistent surveillance. By utilizing radio waves, the system can accurately detect movement within its coverage area, making it well-suited for both indoor and outdoor applications. The smart radar security system is an innovative approach that harnesses the power of radar technology to create a robust and efficient security solution. This system employs radar sensors to detect and track movement, presence, and object classification in diverse environments, offering significant advantages over traditional security methods. The core functionality of the proposed system revolves around its ability to detect motion with high precision. The proposed approach represents a significant step forward in security solutions by leveraging radar technology s unique advantages. Hence, this work aims to develop a protype for accurately detection the obstacle motion related to radar applications. Bluetooth technology has been utilized for establishing user interface and receiving alerts in the mobile application. Users can receive real-time alerts and notifications on their smartphones or connected devices whenever unauthorized movement is detected. Additionally, the proposed system can be seamlessly integrated with existing smart home or security systems, allowing for comprehensive and centralized surveillance management. As technology continues to evolve, this system showcases the potential for cutting-edge solutions that prioritize both security and privacy.
Authored by Prudhvi Budumuru, Santosh Chegondi, Leela M, M Arjun, M Rohith, N Harikrishna
In today s world, security is a very important issue. People should always keep their belongings safe. To increase security, this research work proposes a IoT-based smart lockers with sensors and access keys with security, verification, and user-friendly tools. This model alerts the user when someone else tries to access their locker and quickly sends an alarm to the authorized user, and provides the option to either grant or reject access to the valid user. In this paper, smart locker is kept registered early to use a locker in the bank, office, home, etc. to ensure safety. The user demands to send an unlock direction with the help of microcontroller NUDE MCU ESP8266 and after accepting the command from the cloud (BLYNK APP), only the user can unlock the closet and access the valuables. This study has also introduced the encroachment detection in lockers with sensors and finally installed smart lockers with fire alarms for security and reliability.
Authored by Bhawna Khokher, Mamta Savadatti, Anish Kumar, T.V. Nikhil, Pranav Raj, Aditya Thakre
Advances in sensor and communication technologies have transformed traditional homes into smart homes, equipped with sensors and actuators for various functionalities like smart lighting, temperature control, irrigation, solar monitoring, entertainment, and security. This transition is powered by the Internet of Things (IoT) architecture, enabling smart home hubs to integrate and control devices with different communication protocols. However, this shift has also introduced new security and privacy issues in the Smart Home IoT (SH-IoT) environment. To address these challenges, new communication protocols with cryptographic features have been developed, and a unified standard called Matter has been created to promote interoperability among different device manufacturers. This paper presents a comprehensive survey of recent trends and advances in the smart home IoT landscape, focusing on communication protocols, their security issues and protection features against vulnerabilities in the SH-IoT environment.
Authored by Ismael Holguin, Sai Errapotu
With the advancement in Internet of things smart homes are rapidly developing. Smart home is the major key component of Internet of thing. With the help of IOT technology we can stay connected to our home appliance. Internet of Things is the Associations of inserted advancements that. Contained physical protests and is utilized to convey and keenness or collaborate with the internal states or the outer surroundings. Rather than individuals to individuals’ correspondence, IoT accentuation on machine-to-machine correspondence. Smart home connects the physical components of our home with the help of software and sensors so that we can access them via internet from one place. Building home automation includes computerizing a home, likewise, mentioned to as a sensible home or smart home. Domestic machines are an urgent part of the Web of Things whenever they are associated with the web. Controlled devices are commonly connected to a focal center or entryway through a domestic automation framework. A smartphone application, tablet PC, personal computer, wall-mounted terminals, or even a web interface that can be gotten to from off-website over the Web are completely utilized by the program to work the framework. Since all the devices are interconnected and interlinked to one an-another they are lot of chances for security breach and data theft. If the security layer is easily breakable any third-party attacker can easily theft the private data of the user. Which leads us to pay more attention to protecting and securing private data. With the day-to-day development of Smart Home, the safety also got to be developed and updated day to day the safety challenges of the IoT for a wise home scenario are encountered, and a comprehensive IoT security management for smart homes has been proposed. This paper acquaints the status of IoT development, and furthermore contains security issues challenges. Finally, this paper surveys the Gamble factor, security issues and challenges in every point of view
Authored by S.R Anupriya, Muthumanikandan V
In the last decade the rapid development of the communications and IoT systems have risen many challenges regarding the security of the devices that are handled wirelessly. Therefore, in this paper, we intend to test the possibility of spoofing the parameters for connection of the Bluetooth Low Energy (BLE) devices, to make several recommendations for increasing the security of the usage of those devices and to propose basic counter measurements regarding the possibility of hacking them.
Authored by Cristian Capotă, Mădălin Popescu, Simona Halunga, Octavian Fratu