Visible Light Security 2022 - In this paper, we address the secure data transmission through visible light communication (VLC) using physical layer security (PLS) techniques and particularly, optical beamforming with the zero-forcing algorithm. More precisely, we consider the secrecy capacity of classical multiple-input singleoutput VLC so that the system can deal with eavesdroppers by minimizing the secrecy outage probability (SOP). The considered wireless channel is modeled by the Gaussian distribution, which is subject to amplitude constraints. We quantify the achievable secrecy capacity and SOP for the conventional lineof-sight VLC link and show that how the beamforming can determine the optimal placement of the transmitters. We also show that for a given SOP, the proposed optimal placement offers a signal-to-noise ratio gain of up to 6 dB compared to classical methods such as uniform placement of the transmitters. Our numerical results indicate that the proposed optimal LED arrangement can achieve an SOP of 10−10 while the SOP with uniform arrangement is equal to 10−4.

Visible Light Security 2022 - One of the critical components of the extracting and monitoring process in the gas and oil sector is the downhole telemetry system. As sensors resistant to high temperature and pressure have been developed, more parameters can be monitored to increase safety and efficiency. Increased bandwidth demand for downhole communications necessitated the development of a novel, dependable, and low-cost communication network. Visible light communications (VLC) have been suggested in the literature for downhole telemetry systems, since they can address the bandwidth needs thanks to the huge available spectrum. However, the gas types used in the literature so far are not sufficient enough to examine the real field conditions. In this study, after the challenges surrounding the use of VLC in downhole gas pipeline telemetry/monitoring systems are discussed, the performance of VLC is investigated by injecting a large variety of gas into the carbon steel covered gas pipeline, such as methane, and ethane, carbon dioxide. The effectiveness of the VLC system using a non-uniformly clipped optic orthogonal frequency division multiplexing (ACO-OFDM) modulation scheme with 128-FFT and guarding band is experimentally investigated. Furthermore, the impact of the light-emitting diode (LED) colors on a VLC-based downhole telemetry system is also discussed. The measurement results indicate that the color of the LED affects the performance as the dominance of the noise decreases after the 7dB signal-tonoise ratio (SNR) region.

Visible Light Security 2022 - Wireless-fidelity (Wi-Fi) and Bluetooth are examples of modern wireless communication technologies that employ radio waves as the primary channel for data transmission. but it ought to find alternatives over the limitation and interference in the radio frequency (RF) band. For viable alternatives, visible light communication (VLC) technology comes to play as Light Fidelity (Li-Fi) which uses visible light as a channel for delivering very highspeed communication in a Wi-Fi way. In terms of availability, bandwidth, security and efficiency, Li-Fi is superior than Wi-Fi. In this paper, we present a Li-Fi-based indoor communication system. prototype model has been proposed for single user scenario using visible light portion of electromagnetic spectrum. This system has been designed for audio data communication in between the users in transmitter and receiver sections. LED and photoresistor have been used as optical source and receiver respectively. The electro-acoustic transducer provides the required conversion of electrical-optical signal in both ways. This system might overcome problems like radio-frequency bandwidth scarcity However, its major problem is that it only works when it is pointed directly at the target..

Visible Light Security 2022 - We propose a novel security communication scheme for underwater visible light communication (UVLC) based on frequency domain symmetrical zero-padding and phase scrambling. The security key is a logistic mapping generated by chaos mapping. Robust security performance is experimentally demonstrated by a PAM-8 modulated UVLC system over 1.2m underwater transmission link. The maximum data rate can be achieved at 2.025Gb/s under 7\% hard decision forward error correction (HD-FEC) limit of 3.8×10−3, clearly verifying the feasibility of the proposed scheme as a promising solution in future UVLC system.

Visible Light Security 2022 - Visible light communication (VLC) is a shortrange wireless optical communication that can transmit data by switching lighting elements at high speeds in indoor areas. In common areas, VLC can provide data security at every layer of communication by using physical layer security (PLS) techniques as well as existing cryptography-based techniques. In the literature, PLS techniques have generally been studied for monochrome VLC systems, and multicolor VLC studies are quite limited. In this study, to the best of authors’ knowledge, null steering (NS) and artificial noise (AN), which are widely used PLS methods, have been applied to multi-colored LEDbased VLC systems for the first time in the literature and the achievable secrecy rate has been calculated.

Web Caching Security 2022 - The world today is driving towards connections via the internet rather than social interaction. Hence modern- day businesses have a compelling need to update themselves and make their brand heard across the world. One of the most popular and recognized approaches is to develop a web application which acts as the face of their company over the Internet. This paper presents the development of a Content Management System designed for a start-up that provides fitness sessions to people across the world. The CMS comprises various modules such as user management, individual sessions handling, group sessions handling, course management along with functions including multi-currency and multi-time zone support, telecommunication interfacing, notification system and payment gateway integration. This paper also discusses on the security and caching mechanisms used to improve the security and the scalability of the proposed CMS. The application is designed to overcome the geographical barrier by handling currencies and timezones based on the locality of the user and incorporates a reliable payment and business communication platform. The technological stack includes Dynamic HTML for frontend, Django framework for backend, PostgreSQL and Redis for database management along with Celery task queues, deployed using Docker.

Web Caching Security 2022 - Today’s web applications feature the proliferation of third-party JavaScript inclusion, which incurs a range of security risks. Although attack strategies by manipulating third-party JavaScript files have been widely investigated, the adverse impact caused by third-party JavaScript inclusion and caching does not receive much attention. Specifically, when a malicious script is cached, it can revive and bite every time when a user visits any website that includes it, leading to a much worse effect of the attack. In this paper, we present the first comprehensive study on Alexa top one million websites to investigate how likely thirdparty JavaScript inclusion and caching can make an attack largescale and long-lasting, and further to uncover insecure practices that carelessly or inadvertently exacerbate the attack impact. We also discuss potential solutions to improve current practices to minimize the security risk associated with third-party JavaScript inclusion and caching.

The world today is driving towards connections via the internet rather than social interaction. Hence modern- day businesses have a compelling need to update themselves and make their brand heard across the world. One of the most popular and recognized approaches is to develop a web application which acts as the face of their company over the Internet. This paper presents the development of a Content Management System designed for a start-up that provides fitness sessions to people across the world. The CMS comprises various modules such as user management, individual sessions handling, group sessions handling, course management along with functions including multi-currency and multi-time zone support, telecommunication interfacing, notification system and payment gateway integration. This paper also discusses on the security and caching mechanisms used to improve the security and the scalability of the proposed CMS. The application is designed to overcome the geographical barrier by handling currencies and timezones based on the locality of the user and incorporates a reliable payment and business communication platform. The technological stack includes Dynamic HTML for frontend, Django framework for backend, PostgreSQL and Redis for database management along with Celery task queues, deployed using Docker.

Today’s web applications feature the proliferation of third-party JavaScript inclusion, which incurs a range of security risks. Although attack strategies by manipulating third-party JavaScript files have been widely investigated, the adverse impact caused by third-party JavaScript inclusion and caching does not receive much attention. Specifically, when a malicious script is cached, it can revive and bite every time when a user visits any website that includes it, leading to a much worse effect of the attack. In this paper, we present the first comprehensive study on Alexa top one million websites to investigate how likely thirdparty JavaScript inclusion and caching can make an attack largescale and long-lasting, and further to uncover insecure practices that carelessly or inadvertently exacerbate the attack impact. We also discuss potential solutions to improve current practices to minimize the security risk associated with third-party JavaScript inclusion and caching.

Science of Security 2022 - In order to overcome new business changes that bring new security threats and challenges to many Industrial Internet of Things (IIoT) fields such as smart grids, smart factories, and smart transportation, the paper proposed the architecture of the industrial Internet of Things system, and analyzed the security threats of the industrial Internet of Things system. Combining various attack methods, targeted security protection strategies for the perception layer, network layer, platform layer and application layer are designed. The results show that the security protection strategy can effectively meet the security protection requirements of IIoT systems.

Science of Security 2022 - To prevent all sorts of attacks, the technology of security service function chains (SFC) is proposed in recent years, it becomes an attractive research highlights. Dynamic orchestration algorithm can create SFC according to the resource usage of network security functions. The current research on creating SFC focuses on a single domain. However in reality the large and complex networks are divided into security domains according to different security levels and managed separately. Therefore, we propose a cross-security domain dynamic orchestration algorithm to create SFC for network security functions based on ant colony algorithm(ACO) and consider load balancing, shortest path and minimum delay as optimization objectives. We establish a network security architecture based on the proposed algorithm, which is suitable for the industrial vertical scenarios, solves the deployment problem of the dynamic orchestration algorithm. Simulation results verify that our algorithm achieves the goal of creating SFC across security domains and demonstrate its performance in creating service function chains to resolve abnormal traffic flows.

Science of Security 2022 - As a new industry integrated by computing, communication, networking, electronics, and automation technology, the Internet of Vehicles (IoV) has been widely concerned and highly valued at home and abroad. With the rapid growth of the number of intelligent connected vehicles, the data security risks of the IoV have become increasingly prominent, and various attacks on data security emerge in an endless stream. This paper firstly introduces the latest progress on the data security policies, regulations, standards, technical routes in major countries and regions, and international standardization organizations. Secondly, the characteristics of the IoV data are comprehensively analyzed in terms of quantity, standard, timeliness, type, and cross-border transmission. Based on the characteristics, this paper elaborates the security risks such as privacy data disclosure, inadequate access control, lack of identity authentication, transmission design defects, cross-border flow security risks, excessive collection and abuse, source identification, and blame determination. And finally, we put forward the measures and suggestions for the security development of IoV data in China.

Science of Security 2022 - Security is a critical aspect in the process of designing, developing, and testing software systems. Due to the increasing need for security-related skills within software systems, there is a growing demand for these skills to be taught in computer science. A series of security modules was developed not only to meet the demand but also to assess the impact of these modules on teaching critical cyber security topics in computer science courses. This full paper in the innovative practice category presents the outcomes of six security modules in a freshman-level course at two institutions. The study adopts a Model-Eliciting Activity (MEA) as a project for students to demonstrate an understanding of the security concepts. Two experimental studies were conducted: 1) Teaching effectiveness of implementing cyber security modules and MEA project, 2) Students’ experiences in conceptual modeling tasks in problem-solving. In measuring the effectiveness of teaching security concepts with the MEA project, students’ performance, attitudes, and interests as well as the instructor’s effectiveness were assessed. For the conceptual modeling tasks in problem-solving, the results of student outcomes were analyzed. After implementing the security modules with the MEA project, students showed a great understanding of cyber security concepts and an increased interest in broader computer science concepts. The instructor’s beliefs about teaching, learning, and assessment shifted from teacher-centered to student-centered during their experience with the security modules and MEA project. Although 64.29\% of students’ solutions do not seem suitable for real-world implementation, 76.9\% of the developed solutions showed a sufficient degree of creativity.

Science of Security 2022 - With the proposal of the major strategy of "network power" and the establishment of the first level discipline of "Cyberspace security", the training of Cyberspace security talents in China has entered a period of strategic development. Firstly, this paper defines the concept of postgraduate education quality, and analyzes the characteristics of postgraduate education and its quality guarantee of Cyberspace security specialty, especially expounds the difference with information security major. Then, on the basis of introducing the concept of comprehensive quality, this paper expounds the feasibility and necessity of establishing the quality guarantee system of Cyberspace security postgraduate education based on comprehensive view under the background of new engineering. Finally, the idea of total quality management is applied to the training process of postgraduate in Cyberspace security. Starting from the four aspects of establishing a standard system, optimizing the responsibility team, innovating the evaluation mechanism and creating a cultural environment, the framework of quality guarantee system for the training of postgraduate in Cyberspace security based on a comprehensive view is constructed.

Science of Security 2022 - This paper introduces the principle of public security electronic fence, analyzes the current situation and future demand of public security electronic fence application in policing, and points out the problems in equipment deployment. A public security electronic fence deployment method based on an improved artificial immunity algorithm is proposed for the above scenario, and specific solutions are given for model establishment, parameter settings, and other problems. Finally, an arithmetic analysis of the simulated scenario is carried out, and the results show that the results of using the improved immune algorithm to solve the public security electronic fence deployment problem are very reasonable and reliable, and have wide reference and promotion significance.

Science of Security 2022 - In this paper, the reader s attention is directed to the problem of inefficiency of the add-on information security tools, that are installed in operating systems, including virtualization systems. The paper shows the disadvantages, that significantly affect the maintenance of an adequate level of security in the operating system. The results allowing to control all areas hierarchical of protection of the specialized operating system are presented.

Science of Security 2022 - To improve the quality of network security service, the physical device service mode in traditional security service is improved, and the NFV network security service system is constructed by combining software defined networking (SDN) and network function virtualization technology (NFV). Where, network service is provided in the form of security service chain, and Web security scan service is taken as the task, finally the implementation and verification of the system are carried out. The test result shows that the security service system based on NFV can balance the load between the security network service devices in the Web security scan, which proves that the network security system based on software defined security and NFV technology can meet certain service requirements, and lays the research foundation for the improvement of the subsequent user network security service.

Science of Security 2022 - At present, production and daily life increasingly rely on the Internet of Things, and the network security problem of the Internet of Things is becoming increasingly prominent. Therefore, it is extremely important to ensure the network security of the Internet of Things through various technical means. The security of IoT terminal access behavior is an important part of IoT network security, so it is an important research object in the field of network security. In order to increase the security of IoT terminal access, a security evaluation model based on zero trust is proposed. After the simulation performance test of the model, it is found that the model shows excellent detection ability of malicious access behavior and system stability in different network environments. Under the premise that some network nodes are infected, the model proposed in the study still shows a significantly higher ratio of trusted nodes than other algorithms, The research results show that the model can improve the security level of the Internet of Things network to a certain extent.

Science of Security 2022 - Web application security testing is vital for preventing any security flaws in the design of web applications. A major challenge in web security testing is the continuous change and evolution of web design tools and modules. As such, most open source tools may not be up to date with catching up with recent technologies. In this paper, we reported our effort and experience testing our recently developed website (https://mysmartsa.com/). We utilized and reported vulnerabilities from several open-source security testing tools. We also reported efforts to debug and fix those security issues throughout the development process.

Quantum Computing Security 2022 - Emerging quantum algorithms that process data require that classical input data be represented as a quantum state. These data-processing algorithms often follow the gate model of quantum computing—which requires qubits to be initialized to a basis state, typically \textbar0 —and thus often employ state generation circuits to transform the initialized basis state to a data-representation state. There are many ways to encode classical data in a qubit, and the oft-applied approach of basis encoding does not allow optimization to the extent that other variants do. In this work, we thus consider automatic synthesis of addressable, quantum read-only memory (QROM) circuits, which act as data-encoding state-generation circuits. We investigate three data encoding approaches, one of which we introduce to provide improved dynamic range and precision. We present experimental results that compare these encoding methods for QROM synthesis to better understand the implications of and applications for each.

Quantum Computing Security 2022 - As the development of quantum computing hardware is on the rise, its potential application to various research areas has been investigated, including to machine learning. Recently, there have been several initiatives to expand the work to quantum federated learning (QFL). However, challenges arise due to the fact that quantum computation poses different characteristics from classical computation, giving an even more challenge for a federated setting. In this paper, we present a highlevel overview of the current state of research in QFL. Furthermore, we also describe in brief about quantum computation and discuss its present limitations in relation to QFL development. Additionally, possible approaches to deploy QFL are explored. Lastly, remarks and challenges of QFL are also presented.

Quantum Computing Security 2022 - Quantum kernels map data to higher dimensions for classification and have been shown to have an advantage over classical methods. In our work, we generalize recent results in binary quantum kernels to multivalued logic by using higher dimensional entanglement to create a qudit memory and show that the use of qudits offers advantages in terms of quantum memory representation as well as enhanced resolution in the outcome of the kernel calculation. Our method is not only capable of finding the kernel inner product of higher dimensional data but can also efficiently and concurrently compute multiple instances of quantum kernel computations in linear time. We discuss how this method increases efficiency and resolution for various distance-based classifiers that require large datasets when accomplished with higher-dimensioned quantum data encodings. We provide experimental results of our qudit kernel calculations with different data encoding methods through the use of a higher-dimensioned quantum computation simulator.

Quantum Computing Security 2022 - Recent advances in quantum computing have highlighted the vulnerabilities in contemporary RSA encryption. Shor’s approach for factoring numbers is becoming more tractable as quantum computing advances. This jeopardizes the security of any cryptographic system that is based on the complexity of factorisation. Many other crypto-systems based on theories like Elliptic Curve Cryptography are also vulnerable. To keep a cryptographic system safe against a quantum adversary, we must develop approaches based on a hard mathematical problem that is not vulnerable to quantum computer attacks, and we must develop Post Quantum Cryptography (PQC). One potential option is the use of lattices in a system called ring Learning with Errors (rLWE). Several techniques for postquantum encryption have been submitted to NIST. This paper studies the different speeds of different lattice-based protocols.

Quantum Computing Security 2022 - Cloud computing has turned into an important technology of our time. It has drawn attention due to its, availability, dynamicity, elasticity and pay as per use pricing mechanism this made multiple organizations to shift onto the cloud platform. It leverages the cloud to reduce administrative and backup overhead. Cloud computing offers a lot of versatility. Quantum technology, on the other hand, advances at a breakneck pace. Experts anticipate a positive outcome and predict that within the next decade, powerful quantum computers will be available. This has and will have a substantial impact on various sciences streams such as cryptography, medical research, and much more. Sourcing applications for business and informational data to the cloud, presents privacy and security concerns, which have become crucial in cloud installation and services adoption. To address the current security weaknesses, researchers and impacted organizations have offered several security techniques in the literature. The literature also gives a thorough examination of cloud computing security and privacy concerns.