Information Centric Networks - This work expands on our prior work on an architecture and supporting protocols to efficiently integrate constrained devices into an Information-Centric Network-based Internet of Things in a way that is both secure and scalable. In this work, we propose a scheme for addressing additional threats and integrating trust-based behavioral observations and attribute-based access control by leveraging the capabilities of less constrained coordinating nodes at the network edge close to IoT devices. These coordinating devices have better insight into the behavior of their constituent devices and access to a trusted overall security management cloud service. We leverage two modules, the security manager (SM) and trust manager (TM). The former provides data confidentiality, integrity, authentication, and authorization, while the latter analyzes the nodes behavior using a trust model factoring in a set of service and network communication attributes. The trust model allows trust to be integrated into the SM s access control policies, allowing access to resources to be restricted to trusted nodes.

Information Centric Networks - The 6G wireless communication networks are being studied to build a powerful networking system with global coverage, enhanced spectral/energy/cost efficiency, better intelligent level and security. This paper presents a four-in-one networking paradigm named 3CL-Net that would broaden and strengthen the capabilities of current networking by introducing ubiquitous computing, caching, and intelligence over the communication connection to build 6G-required capabilities. To evaluate the practicability of 3CL-Net, this paper designs a platform based on the 3CL-Net architecture. The platform adopts leader-followers structure that could support all functions of 3CL-Net, but separate missions of 3CL-Net into two parts. Moreover, this paper has implemented part of functions as a prototype, on which some experiments are carried out. The results demonstrate that 3CL-Net is potential to be a practical and effective network paradigm to meet future requirements, meanwhile, 3CL-Net could motivate designs of related platforms as well.

Industrial Control Systems - The Industrial Internet expands the attack surface of industrial control systems(ICS), bringing cybersecurity threats to industrial controllers located in operation technology(OT) networks. Honeypot technology is an important means to detect network attacks. However, the existing honeypot system cannot simulate business logic and is difficult to resist highly concealed APT attacks. This paper proposes a high-simulation ICS security defense framework based on virtualization technology. The framework utilizes virtualization technology to build twins for protected control systems. The architecture can infer the execution results of control instructions in advance based on actual production data, so as to discover hidden attack behaviors in time. This paper designs and implements a prototype system and demonstrates the effectiveness and potential of this architecture for ICS security.

This paper provides an end-to-end solution to defend against known microarchitectural attacks such as speculative execution attacks, fault-injection attacks, covert and side channel attacks, and unknown or evasive versions of these attacks. Current defenses are attack specific and can have unacceptably high performance overhead. We propose an approach that reduces the overhead of state-of-art defenses by over 95%, by applying defenses only when attacks are detected. Many current proposed mitigations are not practical for deployment; for example, InvisiSpec has 27% overhead and Fencing has 74% overhead while protecting against only Spectre attacks. Other mitigations carry similar performance penalties. We reduce the overhead for InvisiSpec to 1.26% and for Fencing to 3.45% offering performance and security for not only spectre attacks but other known transient attacks as well, including the dangerous class of LVI and Rowhammer attacks, as well as covering a large set of future evasive and zero-day attacks. Critical to our approach is an accurate detector that is not fooled by evasive attacks and that can generalize to novel zero-day attacks. We use a novel Generative framework, Evasion Vaccination (EVAX) for training ML models and engineering new security-centric performance counters. EVAX significantly increases sensitivity to detect and classify attacks in time for mitigation to be deployed with low false positives (4 FPs in every 1M instructions in our experiments). Such performance enables efficient and timely mitigations, enabling the processor to automatically switch between performance and security as needed.

Under the situation of regular epidemic prevention and control, teleworking has gradually become a normal working mode. With the development of modern information technologies such as big data, cloud computing and mobile Internet, it's become a problem that how to build an effective security defense system to ensure the information security of teleworking in complex network environment while ensuring the availability, collaboration and efficiency of teleworking. One of the solutions is Zero Trust Network(ZTN), most enterprise infrastructures will operate in a hybrid zero trust/perimeter-based mode while continuing to invest in IT modernization initiatives and improve organization business processes. In this paper, we have systematically studied the zero trust principles, the logical components of zero trust architecture and the key technology of zero trust network. Based on the abstract model of zero trust architecture and information security technologies, a prototype has been realized which suitable for iOS terminals to access enterprise resources safely in teleworking mode.

Due to the widespread use of the Internet of Things (IoT) in recent years, the need for IoT technologies to handle communications with the rest of the globe has grown dramatically. Wireless sensor networks (WSNs) play a vital role in the operation of the IoT. The creation of Internet of Things operating systems (OS), which can handle the newly constructed IoT hardware, as well as new protocols and procedures for all communication levels, all of which are now in development, will pave the way for the future. When compared to other devices, these gadgets require a comparatively little amount of electricity, memory, and other resources. This has caused the scientific community to become more aware of the relevance of IoT device operating systems as a result of their findings. These devices may be made more versatile and powerful by including an operating system that contains real-time capabilities, kernel, networking, and other features, among other things. IEEE 802.15.4 networks are linked together using IPv6, which has a wide address space and so enables more devices to connect to the internet using the 6LoWPAN protocol. It is necessary to address some privacy and security issues that have arisen as a result of the widespread use of the Internet, notwithstanding the great benefits that have resulted. For the Internet of Things operating systems, this research has provided a network security architecture that ensures secure communication by utilizing the Cooja network simulator in combination with the Contiki operating system and demonstrate and explained how the nodes can protect from the network layer and physical layer attacks. Also, this research has depicted the energy consumption results of each designated node type during the authentication and communication process. Finally, proposed a few further improvements for the architecture which will enhance the network layer protection.

Intelligent transportation systems, such as connected vehicles, are able to establish real-time, optimized and collision-free communication with the surrounding ecosystem. Introducing the internet of things (IoT) in connected vehicles relies on deployment of massive scale sensors, actuators, electronic control units (ECUs) and antennas with embedded software and communication technologies. Combined with the lack of designed-in security for sensors and ECUs, this creates challenges for security engineers and architects to identify, understand and analyze threats so that actions can be taken to protect the system assets. This paper proposes a novel STRIDE-based threat model for IoT sensors in connected vehicle networks aimed at addressing these challenges. Using a reference architecture of a connected vehicle, we identify system assets in connected vehicle sub-systems such as devices and peripherals that mostly involve sensors. Moreover, we provide a prioritized set of security recommendations, with consideration to the feasibility and deployment challenges, which enables practical applicability of the developed threat model to help specify security requirements to protect critical assets within the sensor network.

Today billions of people are accessing the internet around the world. There is a need for new technology to provide security against malicious activities that can take preventive/ defensive actions against constantly evolving attacks. A new generation of technology that keeps an eye on such activities and responds intelligently to them is the intrusion detection system employing machine learning. It is difficult for traditional techniques to analyze network generated data due to nature, amount, and speed with which the data is generated. The evolution of advanced cyber threats makes it difficult for existing IDS to perform up to the mark. In addition, managing large volumes of data is beyond the capabilities of computer hardware and software. This data is not only vast in scope, but it is also moving quickly. The system architecture suggested in this study uses SVM to train the model and feature selection based on the information gain ratio measure ranking approach to boost the overall system's efficiency and increase the attack detection rate. This work also addresses the issue of false alarms and trying to reduce them. In the proposed framework, the UNSW-NB15 dataset is used. For analysis, the UNSW-NB15 and NSL-KDD datasets are used. Along with SVM, we have also trained various models using Naive Bayes, ANN, RF, etc. We have compared the result of various models. Also, we can extend these trained models to create an ensemble approach to improve the performance of IDS.

Realize the same-city and remote disaster recovery of the infectious disease network direct reporting system of the China Medical Archives Information Center. Method: A three-tier B/S/DBMS architecture is used in the disaster recovery center to deploy an infectious disease network direct reporting system, and realize data-level disaster recovery through remote replication technology; realize application-level disaster recovery of key business systems through asynchronous data technology; through asynchronous the mode carries on the network direct report system disaster tolerance data transmission of medical files. The establishment of disaster recovery centers in different cities in the same city ensures the direct reporting system and data security of infectious diseases, and ensures the effective progress of continuity work. The results show that the efficiency of remote disaster recovery and backup based on big data has increased by 9.2%

In recent times, Network-on-Chip (NoC) has become state of the art for communication in Multiprocessor System-on-Chip due to the existing scalability issues in this area. However, these systems are exposed to security threats such as extraction of secret information. Therefore, the need for secure communication arises in such environments. In this work, we present a communication protocol based on authenticated encryption with recovery mechanisms to establish secure end-to-end communication between the NoC nodes. In addition, a selected key agreement approach required for secure communication is implemented. The security functionality is located in the network adapter of each processing element. If data is tampered with or deleted during transmission, recovery mechanisms ensure that the corrupted data is retransmitted by the network adapter without the need of interference from the processing element. We simulated and implemented the complete system with SystemC TLM using the NoC simulation platform PANACA. Our results show that we can keep a high rate of correctly transmitted information even when attackers infiltrated the NoC system.

As the COVID-19 pandemic scattered businesses and their workforces into new scales of remote work, vital security concerns arose surrounding remote access. Bring Your Own Device (BYOD) also plays a growing role in the ability of companies to support remote workforces. As more enterprises embrace concepts of zero trust in their network security posture, access control policy management problems become a more significant concern as it relates to BYOD security enforcement. This BYOD security policy must enable work from home, but enterprises have a vested interest in maintaining the security of their assets. Therefore, the BYOD security policy must strike a balance between access, security, and privacy, given the personal device use. This paper explores the challenges and opportunities of enabling zero trust in BYOD use cases. We present a BYOD policy specification to enable the zero trust access control known as BYOZ. Accompanying this policy specification, we have designed a network architecture to support enterprise zero trust BYOD use cases through the novel incorporation of continuous authentication & authorization enforcement. We evaluate our architecture through a demo implementation of BYOZ and demonstrate how it can meet the needs of existing enterprise networks using BYOD.

The proliferation of linked devices in decisive infrastructure fields including health care and the electric grid is transforming public perceptions of critical infrastructure. As the world grows more mobile and connected, as well as as the Internet of Things (IoT) expands, the growing interconnectivity of new critical sectors is being fuelled. Interruptions in any of these areas can have ramifications across numerous sectors and potentially the world. Crucial industries are critical to contemporary civilization. In today's hyper-connected world, critical infrastructure is more vulnerable than ever to cyber assaults, whether they are state-sponsored, carried out by criminal organizations, or carried out by individuals. In a world where more and more gadgets are interconnected, hackers have more and more entry points via which they may damage critical infrastructure. Significant modifications to an organization's main technological systems have created a new threat surface. The study's goal is to raise awareness about the challenges of protecting digital infrastructure in the future while it is still in development. Fog architecture is designed based on functionality once the infrastructure that creates large data has been established. There's also an in-depth look of fog-enabled IoT network security requirements. The next section examines the security issues connected with fog computing, as well as the privacy and trust issues raised by fog-enabled Internet of Things (IoT). Block chain is also examined to see how it may help address IoT security problems, as well as the complimentary interrelationships between block-chain and fog computing. Additionally, Formalizes big data security goal and scope, develops taxonomy for identifying risks to fog-based Internet of Things systems, compares current development contributions to security service standards, and proposes interesting study areas for future studies, all within this framework

Design a new generation of smart power meter components, build a smart power network, implement power meter safety protection, and complete smart power meter network security protection. The new generation of smart electric energy meters mainly complete legal measurement, safety fee control, communication, control, calculation, monitoring, etc. The smart power utilization structure network consists of the master station server, front-end processor, cryptographic machine and master station to form a master station management system. Through data collection and analysis, the establishment of intelligent energy dispatching operation, provides effective energy-saving policy algorithms and strategies, and realizes energy-smart electricity use manage. The safety protection architecture of the electric energy meter is designed from the aspects of its own safety, full-scenario application safety, and safety management. Own security protection consists of hardware security protection and software security protection. The full-scene application security protection system includes four parts: boundary security, data security, password security, and security monitoring. Security management mainly provides application security management strategies and security responsibility division strategies. The construction of the intelligent electric energy meter network system lays the foundation for network security protection.

With the growing number of IoT applications and devices, IoT security breaches are a dangerous reality. Cost pressure and complexity of security tests for embedded systems and networked infrastructure are often the excuse for skipping them completely. In our paper we introduce SecLab security test lab to overcome that problem. Based on a flexible and lightweight architecture, SecLab allows developers and IoT security specialists to harden their systems with a low entry hurdle. The open architecture supports the reuse of existing external security test libraries and scalability for the assessment of complex IoT Systems. A reference implementation of security tests in a realistic IoT application scenario proves the approach.

Smart cities deploy large numbers of sensors and collect a tremendous amount of data from them. For example, Advanced Metering Infrastructures (AMIs), which consist of physical meters that collect usage data about public utilities such as power and water, are an important building block in a smart city. In a typical sensor network, the measurement devices are connected through a computer network, which exposes them to cyber attacks. Furthermore, the data is centrally managed at the operator’s servers, making it vulnerable to insider threats.Our goal is to protect the integrity of data collected by large-scale sensor networks and the firmware in measurement devices from cyber attacks and insider threats. To this end, we first develop a comprehensive threat model for attacks against data and firmware integrity, which can target any of the stakeholders in the operation of the sensor network. Next, we use our threat model to analyze existing defense mechanisms, including signature checks, remote firmware attestation, anomaly detection, and blockchain-based secure logs. However, the large size of the Trusted Computing Base and a lack of scalability limit the applicability of these existing mechanisms. We propose the Feather-Light Blockchain Infrastructure (FLBI) framework to address these limitations. Our framework leverages a two-layer architecture and cryptographic threshold signature chains to support large networks of low-capacity devices such as meters and data aggregators. We have fully implemented the FLBI’s end-to-end functionality on the Hyperledger Fabric and private Ethereum blockchain platforms. Our experiments show that the FLBI is able to support millions of end devices.

Accurate and synchronized timing information is required by power system operators for controlling the grid infrastructure (relays, Phasor Measurement Units (PMUs), etc.) and determining asset positions. Satellite-based global positioning system (GPS) is the primary source of timing information. However, GPS disruptions today (both intentional and unintentional) can significantly compromise the reliability and security of our electric grids. A robust alternate source for accurate timing is critical to serve both as a deterrent against malicious attacks and as a redundant system in enhancing the resilience against extreme events that could disrupt the GPS network. To achieve this, we rely on the highly accurate, terrestrial atomic clock-based network for alternative timing and synchronization. In this paper, we discuss an experimental setup for an alternative timing approach. The data obtained from this experimental setup is continuously monitored and analyzed using various time deviation metrics. We also use these metrics to compute deviations of our clock with respect to the National Institute of Standards and Technologys (NIST) GPS data. The results obtained from these metric computations are elaborately discussed. Finally, we discuss the integration of the procedures involved, like real-time data ingestion, metric computation, and result visualization, in a novel microservices-based architecture for situational awareness.

Common Vulnerability Scoring System (CVSS) is intended to capture the key characteristics of a vulnerability and correspondingly produce a numerical score to indicate the severity. Important efforts are conducted for building a CVSS stochastic model in order to provide a high-level risk assessment to better support cybersecurity decision-making. However, these efforts consider nothing regarding HPC (High-Performance Computing) networks using a Science Demilitary Zone (DMZ) architecture that has special design principles to facilitate data transition, analysis, and store through in a broadband backbone. In this paper, an HPCvul (CVSS-based vulnerability and risk assessment) approach is proposed for HPC networks in order to provide an understanding of the ongoing awareness of the HPC security situation under a dynamic cybersecurity environment. For such a purpose, HPCvul advocates the standardization of the collected security-related data from the network to achieve data portability. HPCvul adopts an attack graph to model the likelihood of successful exploitation of a vulnerability. It is able to merge multiple attack graphs from different HPC subnets to yield a full picture of a large HPC network. Substantial results are presented in this work to demonstrate HPCvul design and its performance.

Nowadays, the messaging system is one of the most popular mobile applications, and therefore the authentication between clients is essential. Various kinds of such mobile applications are using encryption-based security protocols, but they are facing many security threat issues. It clearly defines the necessity for a trustful security procedure. Therefore, a blockchain-based messaging system could be an alternative to this problem. That is why, we have developed a secured peer-to-peer messaging system supported by blockchain. This proposed mechanism provides data security among the users. In a blockchain-based framework, all the information can be verified and controlled automatically and all the transactions are recorded that have been created already. In our paper, we have explained how the users can communicate through a blockchain-based messaging system that can maintain a secured network. We explored why blockchain would improve communication security in this post, and we proposed a model architecture for blockchain-based messaging that retains the performance and security of data stored on the blockchain. Our proposed architecture is completely decentralized and enables users to send and receive messages in an acceptable and secure manner.

The architecture and functioning of the electricity markets are rapidly evolving in favour of solutions based on real-time data sharing and decentralised, distributed, renewable energy generation. Peer-to-peer (P2P) energy markets allow two individuals to transact with one another without the need of intermediaries, reducing the load on the power grid during peak hours. However, such a P2P energy market is prone to various cyber attacks. Blockchain technology has been proposed to implement P2P energy trading to support this change. One of the most crucial components of blockchain technology in energy trading is the consensus mechanism. It determines the effectiveness and security of the blockchain for energy trading. However, most of the consensus used in energy trading today are traditional consensus such as Proof-of-Work (PoW) and Practical Byzantine Fault Tolerance (PBFT). These traditional mechanisms cannot be directly adopted in P2P energy trading due to their huge computational power, low throughput, and high latency. Therefore, we propose the Block Alliance Consensus (BAC) mechanism based on Hashgraph. In a massive P2P energy trading network, BAC can keep Hashgraph's throughput while resisting Sybil attacks and supporting the addition and deletion of energy participants. The high efficiency and security of BAC and the blockchain-based energy trading platform are verified through experiments: our improved BAC has an average throughput that is 2.56 times more than regular BFT, 5 times greater than PoW, and 30% greater than the original BAC. The improved BAC has an average latency that is 41% less than BAC and 81% less than original BFT. Our energy trading blockchain (ETB)'s READ performance can achieve the most outstanding throughput of 1192 tps at a workload of 1200 tps, while WRITE can achieve 682 tps at a workload of 800 tps with a success rate of 95% and 0.18 seconds of latency.

The Internet of Things (IoT) aims to introduce pervasive computation into the human environment. The processing on a cloud platform is suggested due to the IoT devices' resource limitations. High latency while transmitting IoT data from its edge network to the cloud is the primary limitation. Modern IoT applications frequently use fog computing, an unique architecture, as a replacement for the cloud since it promises faster reaction times. In this work, a fog layer is introduced in smart vital sign monitor design in order to serve faster. Context aware computing makes use of environmental or situational data around the object to invoke proactive services upon its usable content. Here in this work the fog layer is intended to provide local data storage, data preprocessing, context awareness and timely analysis.

Smart Security Solutions are in high demand with the ever-increasing vulnerabilities within the IT domain. Adjusting to a Work-From-Home (WFH) culture has become mandatory by maintaining required core security principles. Therefore, implementing and maintaining a secure Smart Home System has become even more challenging. ARGUS provides an overall network security coverage for both incoming and outgoing traffic, a firewall and an adaptive bandwidth management system and a sophisticated CCTV surveillance capability. ARGUS is such a system that is implemented into an existing router incorporating cloud and Machine Learning (ML) technology to ensure seamless connectivity across multiple devices, including IoT devices at a low migration cost for the customer. The aggregation of the above features makes ARGUS an ideal solution for existing Smart Home System service providers and users where hardware and infrastructure is also allocated. ARGUS was tested on a small-scale smart home environment with a Raspberry Pi 4 Model B controller. Its intrusion detection system identified an intrusion with 96% accuracy while the physical surveillance system predicts the user with 81% accuracy.

The phenomenon known as "Internet ossification" describes the process through which certain components of the Internet’s older design have become immovable at the present time. This presents considerable challenges to the adoption of IPv6 and makes it hard to implement IP multicast services. For new applications such as data centers, cloud computing and virtualized networks, improved network availability, improved internal and external domain routing, and seamless user connectivity throughout the network are some of the advantages of Internet growth. To meet these needs, we've developed Software Defined Networking for the Future Internet (SDN). When compared to current networks, this new paradigm emphasizes control plane separation from network-forwarding components. To put it another way, this decoupling enables the installation of control plane software (such as Open Flow controller) on computer platforms that are substantially more powerful than traditional network equipment (such as switches/routers). This research describes Mininet’s routing techniques for a virtualized software-defined network. There are two obstacles to overcome when attempting to integrate SDN in an LTE/WiFi network. The first problem is that external network load monitoring tools must be used to measure QoS settings. Because of the increased demand for real-time load balancing methods, service providers cannot adopt QoS-based routing. In order to overcome these issues, this research suggests a router configuration method. Experiments have proved that the network coefficient matrix routing arrangement works, therefore it may provide an answer to the above-mentioned concerns. The Java-based SDN controller outperforms traditional routing systems by nine times on average highest sign to sound ratio. The study’s final finding suggests that the field’s future can be forecast. We must have a thorough understanding of this emerging paradigm to solve numerous difficulties, such as creating the Future Internet and dealing with its obliteration problem. In order to address these issues, we will first examine current technologies and a wide range of current and future SDN projects before delving into the most important issues in this field in depth.

The Robotic Operating System (ROS) is a popular framework for robotics research and development. It's a system that provides hardware abstraction with low-level device management to handle communications and services. ROS is a distributed system, which allows various nodes in a network to communicate using a method such as message passing. When integrating systems using ROS, it is vital to consider the security and privacy of the data and information shared across ROS nodes, which is considered to be one of the most challenging aspects of ROS systems. The goal of this study is to examine the ROS architecture, primary components, and versions, as well as the types of vulnerabilities that might compromise the system. In order to achieve the CIA's three fundamental security criteria on a ROS-based platform, we categorized these vulnerabilities and looked into various security solutions proposed by researchers. We provide a comparative analysis of the ROS-related security solutions, the security threats and issues they addressed, the targeted architecture of the protection or defense system, the solution's evaluation methodology and the evaluation metric, and the limitations that might be viewed as unresolved issues for the future course of action. Finally, we look into future possibilities and open challenges to assist researchers to develop more secure and efficient ROS systems.

Network security isolation technology is an important means to protect the internal information security of enterprises. Generally, isolation is achieved through traditional network devices, such as firewalls and gatekeepers. However, the security rules are relatively rigid and cannot better meet the flexible and changeable business needs. Through the double sandbox structure created for each user, each user in the virtual machine is isolated from each other and security is ensured. By creating a virtual disk in a virtual machine as a user storage sandbox, and encrypting the read and write of the disk, the shortcomings of traditional network isolation methods are discussed, and the application of cloud desktop network isolation technology based on VMwarer technology in universities is expounded.

Software-Defined Networking (SDN) can be a good option to support Industry 4.0 (4IR) and 5G wireless networks. SDN can also be a secure networking solution that improves the security, capability, and programmability in the networks. In this paper, we present and analyze an SDN-based security architecture for 4IR with 5G. SDN is used for increasing the level of security and reliability of the network by suitably dividing the whole network into data, control, and applications planes. The SDN control layer plays a beneficial role in 4IR with 5G scenarios by managing the data flow properly. We also evaluate the performance of the proposed architecture in terms of key parameters such as data transmission rate and response time.