Happiness Is Homemade is a safe and trusted platform that addresses the lack of recreational opportunities faced by older adults. Our website will help people not only elders but also volunteers of younger age groups, connect with people of similar likes and interests helping them enlarge their social circle and switching to other means of recreation apart from mobile phones and television. This platform aims at resolving the issues of lack of leisure time activities which may lead to problems in physical and mental health, social life, and the environment in which they live and interact with older adults. Registered volunteers organize specific activities for senior citizens. Elders who are interested in embarking on new experiences or continue pursuing their hobbies and interests can register for the specific curated event. The event details, time, place, and the details of the volunteer/s organizing the event would be mentioned. Activities here include excursions to specific locations, temple visits, retro nights and yoga, meditation events, etc. It also provides a platform for seniors to organize courses(classes) in their areas of expertise. These courses are accompanied by interested volunteers. Classes can be conducted online or offline at senior citizens homes. Classes can include any subject, including cooking, finance, gardening, and home economics. With the help of this platform not only will the problem of leisure time activities be resolved but also it will help the elder citizens to earn some income.
Authored by Vaishnavi Kothari, Anupama Menon, Itisha Mathane, Shivangi Kumar, Ashhvini Gaikwad
In Industry 4.0, the Digital twin has been widely used in industrial activities. However, the data-driven industry is placing a higher demand on digital twins, especially for the secure sharing and management of data throughout the lifecycle. As a distributed ledger technology, Blockchain is well suited to address these challenges. Unfortunately, current blockchain-based digital twin lifecycle management does not focus on data processing after the retirement stage. In this paper, we propose BDTwins, a blockchain-based digital twin lifecycle management framework, which is built based on our proposed 7D model. In this framework, we make innovative use of Non-Fungible Tokens (NFT) to process the data in the recovery stage of the digital twin. This method solves digital intellectual property disputes and inherits digital twin knowledge completely and stably after the destruction of physical entities. In addition, BDTwins has designed a fine-grained hierarchical access control policy to enable secure data sharing among stakeholders. And solves the performance bottleneck of traditional single-chain blockchain architecture by utilizing directed acyclic graph (DAG) blockchain and off-chain distributed storage. Finally, we implement a general blockchain-based digital twin case using smart contract technology to demonstrate our proposed digital twin lifecycle management framework.
Authored by Xianxian Cao, Xiaoling Li, Yinhao Xiao, Yumin Yao, Shuang Tan, Ping Wang
This study aims to examine the effect of Islamic financial literacy on Islamic financial inclusion through the mediation of digital finance and social capital. Proportionate Stratified Random Sampling was used to select 385 samples from each of Banda Aceh City s 9 sub-districts. Afterward, the questionnaire data were analyzed using Structural Equation Modeling (SEM) in accordance with scientific standards. This study found two important things. First, Islamic financial literacy, digital finance, and social capital boost Banda Aceh s Islamic financial inclusion. Second, digital finance and social capital can mediate the effects of Islamic financial literacy on Banda Aceh s Islamic financial inclusion. This study emphasizes the need for a holistic approach, combining education, technology, and community trust to promote Islamic financial inclusion. Policymakers, educators, institutions, and community leaders can leverage these insights to contribute to a more inclusive Islamic finance ecosystem.
Authored by Putri Marla, Shabri Majid, Said Musnadi, Maulidar Agustina, Faisal Faisal, Ridwan Nurdin
The backend of the processor executes the μops decoded from the frontend out of order, while the retirement is responsible for retiring completed μops in the Reorder Buffer in order. Consequently, the retirement may stall differently depending on the execution time of the first instruction in the Reorder Buffer. Moreover, since retirement is shared between two logical cores on the same physical core, an attacker can deduce the instructions executed on the other logical core by observing the availability of its own retirement. Based on this finding, we introduce two novel covert channels: the Different Instructions covert channel and the Same Instructions covert channel, which can transmit information across logical cores and possess the ability to bypass the existing protection strategies. Furthermore, this paper explores additional applications of retirement. On the one hand, we propose a new variant of Spectre v1 by applying the retirement to the Spectre attack using the principle that the fallback penalty of misprediction is related to the instructions speculated to be executed. On the other hand, based on the principle that different programs result in varied usage patterns of retirement, we propose an attack method that leverages the retirement to infer the program run by the victim. Finally, we discuss possible mitigations against new covert channels.
Authored by Ke Xu, Ming Tang, Quancheng Wang, Han Wang
This study explores how AI-driven personal finance advisors can significantly improve individual financial well-being. It addresses the complexity of modern finance, emphasizing the integration of AI for informed decision-making. The research covers challenges like budgeting, investment planning, debt management, and retirement preparation. It highlights AI s capabilities in data-driven analysis, predictive modeling, and personalized recommendations, particularly in risk assessment, portfolio optimization, and real-time market monitoring. The paper also addresses ethical and privacy concerns, proposing a transparent deployment framework. User acceptance and trust-building are crucial for widespread adoption. A case study demonstrates enhanced financial literacy, returns, and overall well-being with AI-powered advisors, underscoring their potential to revolutionize financial wellness. The study emphasizes responsible implementation and trust-building for ethical and effective AI deployment in personal finance.
Authored by Parth Pangavhane, Shivam Kolse, Parimal Avhad, Tushar Gadekar, N. Darwante, S. Chaudhari
Digitization expansion enables business transactions operating in distributed systems encompassing Internet- and Machine-to-Everything (M2X) economies. Distributed collaboration systems growth comes at a cost of rapidly rising numbers of machines, infrastructure, machine-infrastructure traffic, and consequently a significant augmentation of associated carbon emissions. In order to investigate M2X’s carbon footprint, we design an impact index application layer using blockchain technology of smart contracts to empower a sustainable management of distributed collaboration systems. The impact measurement methodology based on transparent liquid data secures trusted inter-organizational collaborations and supports traceable standardization of sustainability regulation.
Authored by Olena Chornovol, Alex Norta
Processor design and manufacturing is often done globally, involving multiple companies, some of which can be untrustworthy. This lack of trust leads to the threat of malicious modifications like Hardware Trojans. Hardware Trojans can cause drastic consequences and even endanger human lives. Hence, effective countermeasures against Hardware Trojans are urgently needed. To develop countermeasures, Hardware Trojans and their properties have to be understood well. For this reason, we describe and characterize Hardware Trojans in detail in this paper. We perform a theoretical analysis of Hardware Trojans for processors. Afterwards, we present a new classification of processor constituents, which can be used to derive several triggers and payloads and compare them with previously published Hardware Trojans. This shows in detail possible attack vectors for processors and gaps in existing processor Hardware Trojan landscape. No previous work presents such a detailed investigation of Hardware Trojans for processors. With this work, we intend to improve understanding of Hardware Trojans in processors, supporting the development of new countermeasures and prevention techniques.
Authored by Czea Chuah, Alexander Hepp, Christian Appold, Tim Leinmueller
Human-Centered Artificial Intelligence (AI) focuses on AI systems prioritizing user empowerment and ethical considerations. We explore the importance of usercentric design principles and ethical guidelines in creating AI technologies that enhance user experiences and align with human values. It emphasizes user empowerment through personalized experiences and explainable AI, fostering trust and user agency. Ethical considerations, including fairness, transparency, accountability, and privacy protection, are addressed to ensure AI systems respect human rights and avoid biases. Effective human AI collaboration is emphasized, promoting shared decision-making and user control. By involving interdisciplinary collaboration, this research contributes to advancing human-centered AI, providing practical recommendations for designing AI systems that enhance user experiences, promote user empowerment, and adhere to ethical standards. It emphasizes the harmonious coexistence between humans and AI, enhancing well-being and autonomy and creating a future where AI technologies benefit humanity. Overall, this research highlights the significance of human-centered AI in creating a positive impact. By centering on users needs and values, AI systems can be designed to empower individuals and enhance their experiences. Ethical considerations are crucial to ensure fairness and transparency. With effective collaboration between humans and AI, we can harness the potential of AI to create a future that aligns with human aspirations and promotes societal well-being.
Authored by Usman Usmani, Ari Happonen, Junzo Watada
Boolean network is a popular and well-established modelling framework for gene regulatory networks. The steady-state behaviour of Boolean networks can be described as attractors, which are hypothesised to characterise cellular phenotypes. In this work, we study the target control problem of Boolean networks, which has important applications for cellular reprogramming. More specifically, we want to reduce the total number of attractors of a Boolean network to a single target attractor. Different from existing approaches to solving control problems of Boolean networks with node perturbations, we aim to develop an approach utilising edgetic perturbations. Namely, our objective is to modify the update functions of a Boolean network such that there remains only one attractor. The design of our approach is inspired by Thomas’ first rule, and we primarily focus on the removal of cycles in the interaction graph of a Boolean network. We further use results in the literature to only remove positive cycles which are responsible for the appearance of multiple attractors. We apply our solution to a number of real-life biological networks modelled as Boolean networks, and the experimental results demonstrate its efficacy and efficiency.
Authored by Olivier Zeyen, Jun Pang
Operational technology (OT) systems use hardware and software to monitor and control physical processes, devices, and infrastructure - often critical infrastructures. The convergence of information technology (IT) and OT has significantly heightened the cyber threats in OT systems. Although OT systems share many of the hardware and software components in IT systems, these components often operate under different expectations. In this work, several hardware root-of-trust architectures are surveyed and the attacks each one mitigates are compared. Attacks spanning the design, manufacturing, and deployment life cycle of safety-critical operational technology are considered. The survey examines architectures that provide a hardware root-of-trust as a peripheral component in a larger system, SoC architectures with an integrated hardware root-of-trust, and FPGA-based hardware root-of-trust systems. Each architecture is compared based on the attacks mitigated. The comparison demonstrates that protecting operational technology across its complete life cycle requires multiple solutions working in tandem.
Authored by Alan Ehret, Peter Moore, Milan Stojkov, Michel Kinsy
For power grid enterprises in the development of power engineering infrastructure, line equipment operation and inspection and other production and management activities, often due to evidence collection is not timely, lack of effective evidence and other reasons lead to the inability to prove, weak defense of rights, to the legitimate rights and interests of power grid enterprises caused losses. In this context, this paper carries out the technical research on the whole life cycle management scheme of electronic evidence for power grid enterprises safety production, designs the architecture of electronic evidence credible storage and traceability application service system, and realizes the whole life cycle credible management of electronic evidence from collection, curing, transmission, sealing to checking and identification. Enhance the credibility of electronic evidence, access to evidence from the traditional "after the fact evidence" to "before the evidence" mode change, and promote the company s safety production management level.
Authored by Peng Chen, Hejian Wang, Lihua Zhao, Qinglei Guo, Bo Gao, Yongliang Li
Original Equipment Manufacturers (OEMs) need to collaborate within and outside their organizations to improve product quality and time to market. However, legacy systems built over decades using different technology stacks make information sharing and maintaining consistency challenging. Distributed ledger technologies (DLTs) can improve efficiency and provide trust, thus helping to achieve a more streamlined and unified collaboration infrastructure. However, most of the work done is theoretical or conceptual and lacks implementation. This paper elaborates on architecture and implementing a proof of concept (POC) of blockchain-based interoperability and data sharing system that allows OEMs to collaborate seamlessly and share information in real-time.
Authored by Niranjan Marathe, Lawrence Chung, Tom Hill
With the popularization of AIoT applications, every endpoint device is facing information security risks. Thus, how to ensure the security of the device becomes essential. Chip security is divided into software security and hardware security, both of which are indispensable and complement each other. Hardware security underpins the entire cybersecurity ecosystem by proving essential primitives, including key provisioning, hardware cryptographic engines, hardware unique key (HUK), and unique identification (UID). This establishes a Hardware Root of Trust (HRoT) with secure storage, secure operation, and a secure environment to provide a trustworthy foundation for chip security. Today s talk starts with how to use a Physical Unclonable Function (PUF) to generate a unique “fingerprint” (static random number) for the chip. Next, we will address using a static random number and dynamic entropy to design a high-performance true random number generator and achieve real anti-tampering HRoT by leveraging static and dynamic entropy. By integrating NISTstandard cryptographic engines, we have created an authentic PUF-based Hardware Root of Trust. The all-in-one integrated solution can handle all the necessary security functions throughout the product life cycle as well as maintaining a secure boundary to achieve the integrity of sensitive information or assets. Finally, as hardware-level protection extends to operating systems and applications, products and services become secure.
Authored by Meng-Yi Wu
Industrial control systems (ICSs) and supervisory control and data acquisition (SCADA) are frequently used and are essential to the operation of vital infrastructure such as oil and gas pipelines, power plants, distribution grids, and airport control towers. However, these systems confront a number of obstacles and risks that can jeopardize their safety and reliability, including communication failures, cyber-attacks, environmental hazards, and human errors. How can ensure that SCADA systems are both effective and secure? The oil and gas industry literature needs to include an analysis of the underpinning design process. Available research fails to offer appropriate direction for a methodical technique or modeling language that enables trust-based study of ICS and SCADA systems. The most pressing challenges include attaining trust by design in ICS and SCADA, as well as methodically implementing trust design into the development process from the beginning of the system s life cycle. This paper presents the design of a modern ICS and SCADA system for the oil and gas industries utilizing model-based systems engineering (MBSE) approaches. ICS and SCADA concepts and definitions are presented, and ICS and SCADA are examined using comprehensive architectural artifacts. By extending the SysML diagrams to trust ICS, SCADA, and UML diagrams, we showcase the usefulness of the MBSE method.
Authored by Zina Oudina, Makhlouf Derdour, Ahmed Dib, Amal Tachouche
Summary \& ConclusionsResilience, a system property merging the consideration of stochastic and malicious events focusing on mission success, motivates researchers and practitioners to develop methodologies to support holistic assessments. While established risk assessment methods exist for early and advanced analysis of complex systems, the dynamic nature of security is much more challenging for resilience analysis.The scientific contribution of this paper is a methodology called Trust Loss Effects Analysis (TLEA) for the systematic assessment of the risks to the mission emerging from compromised trust of humans who are part of or are interacting with the system. To make this work more understandable and applicable, the TLEA method follows the steps of Failure Mode, Effects \& Criticality Analysis (FMECA) with a difference in the steps related to the identification of security events. There, the TLEA method uses steps from the Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service (DoS), Elevation of privilege (STRIDE) methodology.The TLEA is introduced using a generic example and is then demonstrated using a more realistic use case of a drone-based system on a reconnaissance mission. After the application of the TLEA method, it is possible to identify different risks related to the loss of trust and evaluate their impact on mission success.
Authored by Douglas Van Bossuyt, Nikolaos Papakonstantinou, Britta Hale, Ryan Arlitt
Cybersecurity is an ever-evolving discipline that aims to protect every aspect of an information system, including its users, from digital threats, adversaries and attacks. When it comes to the overall security of an account or a system as a whole, the combination of people and passwords have always been considered the weakest link in the chain since poorly chosen weak, leaked, reused and easy-to-remember passwords still continue to pose an insurmountable threat to the security of innumerable accounts and systems. Yet, much to the dismay of cybersecurity specialists and researchers from all over the world, password-based authentication still remains as one of the most dominant ways of verifying a user s identity, thus making our password-protected accounts, systems and devices a highly lucrative target for cybercriminals. This paper aims to highlight the strengths and weaknesses of passwords in comparison with various other techniques such as multi-factor and adaptive risk-based authentication schemes that have been adopted over the years to augment password-based authentication systems as well as discuss the recent advent of the FIDO2 authentication standard that aims to bid adieu to passwords in favor of making biometric and possession-based authentication the new norm by making them more easily accessible to developers and users alike while ensuring an optimum level of security and privacy at all times.
Authored by Mohammed Kabir, Wael Elmedany
With people s attention to information security, the research on authentication encryption algorithm has become a very important branch of cryptography in recent years. It is widely used in data encryption, message authentication, authentication and key management. In the network of large-scale communication nodes, there are a large quantity of network nodes and a variety of devices. The traditional PKI cryptosystem has the problems of certificate management difficulty and resource waste. Based on the research of block cipher algorithm, this article discusses its application in the design of terminal identity authentication system, and designs a node two-way authentication scheme based on identity encryption. The simulation results show that the block cipher algorithm proposed in this article can get 95.82\%, accuracy, which is higher than the contrast algorithm. Authentication and encryption algorithm based on block cipher plays an important role in authentication and encryption algorithm because of its fast implementation speed of software and hardware and easy standardization. The research shows that the algorithm proposed in this article is superior to other algorithms in the application of terminal identity authentication system. It provides a new solution for related research.
Authored by Dongmei Bin, Xin Li, Ming Xie, Yongjian Liang, Chunyan Yang
Due to the existing global navigation satellite system (GNSS) is an open, without certification system, satellite receiver is vulnerable to the potential for fraud. Therefore, it is urgent to solve the security certification problem of GNSS civil signals. Aiming at the above problems, this paper proposes a navigation encryption authentication technology based on modulation Method authentication (MMA) based on UBFH-BOC signal system. The results show that the authentication scheme can effectively resist the threat of spoofing, ensure the security of navigation signal transmission, and provide a reference for the subsequent application of high security navigation signal structure.
Authored by Minshu Zhang, Lixin Zhang, Lang Bian, Tian Li
The changes in technologies has also changed the way we compute. Computing applications provide various types of functionalities. However, a common thing is to secure the same computing system. It requires a high level of developer skills to secure a system. Generally, verifying users before access of services, encryption of data, and techniques of parallel access of information by multiple users is done to ensure only valid users can access the services. One need to verify person, device, process, or service before it access the related service(s). In this paper, we present a review of authentication techniques used in computing computing. It elaborates methods used for traditional authentication using articles, letters, people, passwords, one-time passwords, digital certificates, two-way authentication to latest behavioural, doodles, image sequence, gestures based recognition of users using biometrics, gait-based and their behavioural analytics. It also discusses key features of various methods including gaps and scope of improvement.
Authored by Mandeep Kaur, Prachi Garg
The development of IoT has penetrated various sectors. The development of IoT devices continues to increase and is predicted to reach 75 billion by 2025. However, the development of IoT devices is not followed by security developments. Therefore, IoT devices can become gateways for cyber attacks, including brute force and sniffing attacks. Authentication mechanisms can be used to ward off attacks. However, the implementation of authentication mechanisms on IoT devices is challenging. IoT devices are dominated by constraint devices that have limited computing. Thus, conventional authentication mechanisms are not suitable for use. Two-factor authentication using RFID and fingerprint can be a solution in providing an authentication mechanism. Previous studies have proposed a two-factor authentication mechanism using RFID and fingerprint. However, previous research did not pay attention to message exchange security issues and did not provide mutual authentication. This research proposes a secure mutual authentication protocol using two-factor RFID and fingerprint using MQTT protocol. Two processes support the authentication process: the registration process and authentication. The proposed protocol is tested based on biometric security by measuring the false acceptance rate (FAR) and false rejection rate (FRR) on the fingerprint, measuring brute force attacks, and measuring sniffing attacks. The test results obtained the most optimal FAR and FRR at the 80\% threshold. Then the equal error rate (ERR) on FAR and FRR is around 59.5\%. Then, testing brute force and sniffing attacks found that the proposed protocol is resistant to both attacks.
Authored by Rizka Pahlevi, Vera Suryani, Hilal Nuha, Rahmat Yasirandi
The proliferation of sensitive information being stored online highlights the pressing need for secure and efficient user authentication methods. To address this issue, this paper presents a novel zero-effort two-factor authentication (2FA) approach that combines the unique characteristics of a user s environment and Machine Learning (ML) to confirm their identity. Our proposed approach utilizes Wi-Fi radio wave transmission and ML algorithms to analyze beacon frame characteristics and Received Signal Strength Indicator (RSSI) values from Wi-Fi access points to determine the user s location. The aim is to provide a secure and efficient method of authentication without the need for additional hardware or software. A prototype was developed using Raspberry Pi devices and experiments were conducted to demonstrate the effectiveness and practicality of the proposed approach. Results showed that the proposed system can significantly enhance the security of sensitive information in various industries such as finance, healthcare, and retail. This study sheds light on the potential of Wi-Fi radio waves and RSSI values as a means of user authentication and the power of ML to identify patterns in wireless signals for security purposes. The proposed system holds great promise in revolutionizing the field of 2FA and user authentication, offering a new era of secure and seamless access to sensitive information.
Authored by Ali AlQahtani, Thamraa Alshayeb
In today s world, the traditional way of password based authentication is having limitations in addressing the security concerns of the digital users. There is a strong movement in favour of passwordless authentication to secure our cyber identities and digital assets. In the recent years, a lot of research outputs have been published in the field of authentication with techniques like multifactor authentication, passwordless authentication, adaptive authentication and continuous authentication. Not only the user, but also the device, the application etc. must be authenticated to access the resources, facilities and services. Even though the passwords face some serious security issues, they enjoy considerable user acceptance and hence some schemes termed as semi-passwordless authentication are also prevalent. This paper goes through existing authentication schemes, their security issues, attacks and the next step ahead.
Authored by Midhuna R, N. Jeyanthi
With the advances in 5G communication and mobile device, internet of drones (IoD) has emerged as a fascinating new concept in the realm of smart cities, and has garnered significant interest from both scientific and industrial communities. However, IoD are fragile to variety of security attacks because an adversary can reuse, delete, insert, intercept or block the transmitted messages over an open channel. Therefore, it is imperative to have robust and efficient authentication and key agreement (AKA) schemes for IoD in order to to fulfill the necessary security requirements. Recently, Nikooghadm et al. designed a secure and lightweight AKA scheme for internet of drones (IoD) in IoT environments. However, we prove that their scheme is not resilient to various security threats and does not provide the necessary security properties. Thus, we propose the essential security requirements and guidelines to enhance the security flaws of Nikooghadm et al.’s scheme.
Authored by Sungjin Yu, Keonwoo Kim, Kim Taesung, Boheung Chung, Yousung Kang
As digital ecosystems burgeon, the imperative to fortify user authentication methods intensifies. This paper introduces a novel two-factor authentication system designed to transcend the limitations of conventional password-based approaches. Our approach intertwines traditional login credentials with personalized image-based verification, ushering in a dual-layered authentication paradigm. This elevates security by mandating the fulfillment of two independent factors and engenders a user-centric authentication experience. Users establish primary login credentials during the account creation phase and select personalized images imbued with personal significance. Each image is intricately linked to a user-defined keyword, enhancing the authentication process s meaningfulness. The authentication phase comprises submitting primary credentials, random display of associated keywords, and subsequent user identification and image upload. The system intelligently restricts authentication attempts with differentiated limits for known and unknown devices to preempt password attacks. The amalgamation of personalized images, keywords, and a strategic limitation on authentication attempts distinguishes our system as a comprehensive solution. It mitigates the vulnerabilities associated with traditional authentication methods and augments the user experience. Our two-factor authentication system stands as a testament to the evolving landscape of user authentication, offering a secure and engaging pathway in an era of heightened digital vulnerabilities. While our innovative system presents significant progress, it is imperative to recognize certain limitations for a successful implementation. Ongoing attention and refinement are particularly crucial in addressing concerns related to device and image dependency and potential vulnerabilities associated with shoulder surfing attacks.
Authored by Essohanam Djeki, Jules Dégila, Muhtar Alhassan
In present authentication systems on the web, users are compelled to interact with identity providers. Initially, they are required to register on a particular website wherein they fill all their details. After this stage, they get a user id and password or token which they can use for accessing the application and their respective features. However, from security point of view, this type of system can be challenging. In such systems, authentication of data is available with the identity providers. It could be hacked to obtain the user passwords and other details. Various current systems track the activity of users and users provide access to sensitive information for the same. For example, access to storage, files, contacts, etc. To make sure that data is available, third-party servers are required which need to be available during authentication. In current, various methods for authentication such as Single-Factor, Two-Factor Authentication (2FA), Single Sign-On, Multi-Factor Authentication, etc are used. In this paper, we will study the authentication systems, their advantages and flaws along with the protocols used.
Authored by Anagha Chaudhari, Ashish Pawar, Adesh Pawar, Ajay Pawar, Ganesh Pawar