The practical Internet of Things at the current stage still persists in handling an energy minimized network. For a proper network communication an energy consumption of 80\% is indulged only on the communication setup. 6LoWSD (6LoWPAN Software Defined) is an SDN based IoT network protocol developed to minimized the IoT constraints. The SDN’s feature of decoupling the controller plane from the data plane enhances the network efficiency. These target conducts towards data rate, traffic, throughput and duty cycling management. Besides these it also provides a sense of flexibility towards program-ability for the current IoT networks. Efficient power system is a highly Important domain which needed for handling the stability for the whole SDN-IoT system. An effort towards enveloping state transition schedulers for energy optimization has been experimented in this paper.
Authored by Wanbanker Khongbuh, Goutam Saha
The resource-constrained IPV6-based low power and lossy network (6LowPAN) is connected through the routing protocol for low power and lossy networks (RPL). This protocol is subject to a routing protocol attack called a rank attack (RA). This paper presents a performance evaluation where leveraging model-free reinforcement-learning (RL) algorithms helps the software-defined network (SDN) controller achieve a cost-efficient solution to prevent the harmful effects of RA. Experimental results demonstrate that the state action reward state action (SARSA) algorithm is more effective than the Q-learning (QL) algorithm, facilitating the implementation of intrusion prevention systems (IPSs) in software-defined 6LowPANs.
Authored by Christian Moreira, Georges Kaddoum
Scientific and technological advancements, particularly in IoT, have greatly enhanced the quality of life in society. Nevertheless, resource constrained IoT devices are now connected to the Internet through IPv6 and 6LoWPAN networks, which are often unreliable and untrusted. Securing these devices with robust security measures poses a significant challenge. Despite implementing encryption and authentication, these devices remain vulnerable to wireless attacks from within the 6LoWPAN network and from the Internet. Researchers have developed various methods to prevent attacks on the RPL protocol within the 6LoWPAN network. However, each method can only detect a limited number of attack types, and there are still several drawbacks that require improvement. This study aims to implement several attack prevention methods, such as Lightweight Heartbeat Protocol, SVELTE, and Contiki IDS. The study will provide an overview of these methods theories and simulate them on Contiki OS using Cooja software to assess their performance. The study s results demonstrate a correlation between the simulated data and the proposed theories. Furthermore, the study identifies and evaluates the strengths and weaknesses of these methods, highlighting areas that can be improved upon.
Authored by Tran Duc, Vo Son
Through the thorough exploration of the adaptive filter structure and the LMS adaptive filter algorithm, the filter performance of the adaptive filter algorithm can be clearly mastered.The solution formula of LMS algorithm is based on it, and DSP software programming and Matlab simulation programming methods are used to lay the foundation for the effective implementation of LMS algorithm.Therefore, based on the adaptive filtering algorithm, the embedded software simulation development system is analyzed to help the application of adaptive filtering theory.
Authored by Jing Cai
In recent years, with the globalization of semiconductor processing and manufacturing, integrated circuits have gradually become vulnerable to malicious attackers. In order to detect Hardware Trojans (HTs) hidden in integrated circuits, it has become one of the hottest issues in the field of hardware security. In this paper, we propose to apply Principal Component Analysis (PCA) and Support Vector Machine (SVM) to hardware Trojan detection, using PCA algorithm to extract features from small differences in side channel information, and then obtain the principal components. The SVM detection model is optimized by means of cross-validation and logarithmic interval. Finally, it is determined whether the original circuit contains a hardware Trojan. In the experiment, we use the SAKURA-G FPGA board, Agilent oscilloscope, and ISE simulation software to complete the experimental work. The test results of five different HTs show that the average True Positive Rate (TPR) of the proposed method for HTs can reach 99.48\%, along with an average True Negative Rate (TNR) of 99.2\%, and an average detection time of 9.66s.
Authored by Peng Liu, Liji Wu, Zhenhui Zhang, Dehang Xiao, Xiangmin Zhang, Lili Wang
With the development of streaming media, soft real-time system in today’s life could participate in the use of more extensive areas. The use frequency was also increasing. Consequently, modern processors were equipped with software control mechanisms such as DVFS (Dynamic Voltage Frequency Scaling) to allow operating systems to meet required performance while reducing power consumption. Therefore, we propose a task scheduling algorithm combined DVFS technology and time deterministic cyclic scheduling to achieve energy saving effect. First, the algorithm needed to minimize the preemption between tasks to reduce latency, so we created a buffer to save periodic tasks to avoid preemption. Second, to reduce the computational cost of the scheduling scheme, a scheduling template were designed to perform tasks. In this paper, the scheduling of periodic tasks, task scheduling would be designed when the task scheduling template would be fixed length. Besides, this algorithm supported that task could adopt appropriate voltage and frequency through DVFS technology in idle time under the condition of satisfying task dependence. Experimental analysis showed that the proposed algorithm could effectively reduce the system energy consumption while ensuring the completion of the task.
Authored by Xun Liu
Satellite technologies are used for both civil and military purposes in the modern world, and typical applications include Communication, Navigation and Surveillance (CNS) services, which have a direct impact several economic, social and environmental protection activity. The increasing reliance on satellite services for safety-of-life and mission-critical applications (e.g., transport, defense and public safety services) creates a severe, although often overlooked, security problem, particularly when it comes to cyber threats. Like other increasingly digitized services, satellites and space platforms are vulnerable to cyberattacks. Thus, the existence of cybersecurity flaws may pose major threats to space-based assets and associated key infrastructure on the ground. These dangers could obstruct global economic progress and, by implication, international security if they are not properly addressed. Mega-constellations make protecting space infrastructure from cyberattacks much more difficult. This emphasizes the importance of defensive cyber countermeasures to minimize interruptions and ensure efficient and reliable contributions to critical infrastructure operations. Very importantly, space systems are inherently complex Cyber-Physical System (CPS) architectures, where communication, control and computing processes are tightly interleaved, and associated hardware/software components are seamlessly integrated. This represents a new challenge as many known physical threats (e.g., conventional electronic warfare measures) can now manifest their effects in cyberspace and, vice-versa, some cyber-threats can have detrimental effects in the physical domain. The concept of cyberspace underlies nearly every aspect of modern society s critical activities and relies heavily on critical infrastructure for economic advancement, public safety and national security. Many governments have expressed the desire to make a substantial contribution to secure cyberspace and are focusing on different aspects of the evolving industrial ecosystem, largely under the impulse of digital transformation and sustainable development goals. The level of cybersecurity attained in this framework is the sum of all national and international activities implemented to protect all actions in the cyber-physical ecosystem. This paper focuses on cybersecurity threats and vulnerabilities in various segments of space CPS architectures. More specifically, the paper identifies the applicable cyber threat mechanisms, conceivable threat actors and the associated space business implications. It also presents metrics and strategies for countering cyber threats and facilitating space mission assurance.
Authored by Kathiravan Thangavel, Jordan Plotnek, Alessandro Gardi, Roberto Sabatini
The traditional threat modeling methodologies work well on a small scale, when evaluating targets such as a data field, a software application, or a system component—but they do not allow for comprehensive evaluation of an entire enterprise architecture. They also do not enumerate and consider a comprehensive set of actual threat actions observed in the wild. Because of the lack of adequate threat modeling methodologies for determining cybersecurity protection needs on an enterprise scale, cybersecurity executives and decision makers have traditionally relied upon marketing pressure as the main input into decision making for investments in cybersecurity capabilities (tools). A new methodology, originally developed by the Department of Defense then further expanded by the Department of Homeland Security, for the first time allows for a threat-based, end-to-end evaluation of cybersecurity architectures and determination of gaps or areas in need of future investments. Although in the public domain, this methodology has not been used outside of the federal government. This paper examines the new threat modeling approach that allows organizations to look at their cybersecurity protections from the standpoint of an adversary. The methodology enumerates threat actions that have been observed in the wild using a cyber threat framework and scores cybersecurity architectural capabilities for their ability to protect, detect, and recover from each threat action. The results of the analysis form a matrix called capability coverage map that visually represents the coverage, gaps, and overlaps against threat actions. The threat actions can be further prioritized using a threat heat map – a visual representation of the prevalence and maneuverability of threat actions that can be overlaid on top of a coverage map.
Authored by Branko Bokan, Joost Santos
The paper focus on the application of Systems Dynamics Modelling (SDM) for simulating socio-technical vulnerabilities of Advanced Persistent Threats (APT) to unravel Human Computer Interaction (HCI) for strategic visibility of threat actors. SDM has been widely applied to analyze nonlinear, complex, and dynamic systems in social sciences and technology. However, its application in the cyber security domain especially APT that involve complex and dynamic human computer interaction is a promising but scant research domain. While HCI deals with the interaction between one or more humans and between one or more computers for greater usability, this same interactive process is exploited by the APT actor. In this respect, using a data breach case study, we applied the socio-technical vulnerabilities classification as a theoretical lens to model socio and technical vulnerabilities on systems dynamics using Vensim software. The variables leading to the breach were identified, entered into Vensim software, and simulated to get the results. The results demonstrated an optimal interactive mix of one or more of the six socio variables and three technical variables leading to the data breach. SDM approach thus provides insights into the dynamics of the threat as well as throw light on the strategies to undertake for minimizing APT risks. This can assist in the reduction of the attack surface and reinforce mitigation efforts (prior to exfiltration) should an APT attack occur. In this paper, we thus propose and validate the application of system dynamics approach for designing a dynamic threat assessment framework for socio-technical vulnerabilities of APT.
Authored by Mathew Nicho, Shini Girija
Counteracting the most dangerous attacks –advanced persistent threats – is an actual problem of modern enterprises. Usually these threats aimed not only at information resources but also at software and hardware resources of automated systems of industrial plants. As a rule, attackers use a number of methods including social engineering methods. The article is devoted to development of the methods for timely prevention from advanced persistent threats based on analysis of attackers’ tactics. Special attention in the article is paid to methods for detection provocations of the modernization of protection systems, as well as methods for monitoring the state of resources of the main automated system. Technique of identification of suspicious changes in the resources is also considered in the article. The result of applying this set of methods will help to increase the protection level of automated systems’ resources.
Authored by Nataliya Kuznetsova, Tatiana Karlova, Alexander Bekmeshov
Internet of Things (IoT) devices are increasingly deployed nowadays in various security-sensitive contexts, e.g., inside homes or in critical infrastructures. The data they collect is of interest to attackers as it may reveal living habits, personal data, or the operational status of specific targets. This paper presents an approach to counter software manipulation attacks against running processes, data, or configuration files on an IoT device, by exploiting trusted computing techniques and remote attestation. We have used a Raspberry Pi 4 single-board computer device equipped with Infineon Trusted Platform Module (TPM) v2, acting as an attester. A verifier node continuously monitors the attester and checks its integrity through remote attestation protocol and TPM-enabled operations. We have exploited the Keylime framework from MIT Lincoln Laboratories as remote attestation software. Through tests, we show that remote attestation can be performed within short time (in order of seconds), allowing to restrict the window of exposure of such devices to attacks against the running software and/or hosted data.
Authored by Diana Berbecaru, Silvia Sisinni
Embedded smart devices are widely used in people s life, and the security problems of embedded smart devices are becoming more and more prominent. Meanwhile lots of methods based on software have been presented to boot the system safely and ensure the security of the system execution environment. However, it is easy to attack and destroy the methods based on software, which will cause that the security of the system cannot be guaranteed. Trusted Computing Group proposed the method of using Trusted Platform Module (TPM) to authenticate the credibility of the platform, which can solve the disadvantages of using methods based on software to protect the system. However, due to the limited resource and volume of embedded smart devices, it is impossible to deploy TPM on embedded smart devices to ensure the security of the system operating environment. Therefore, a novel trusted boot model for embedded smart devices without TPM is proposed in this paper, in which a device with TPM provides trusted service to realize the trusted boot of embedded smart devices without TPM through the network and ensure the credibility of the system execution environment.
Authored by Rui Wang, Yonghang Yan
This paper presents a case study about the initial phases of the interface design for an artificial intelligence-based decision-support system for clinical diagnosis. The study presents challenges and opportunities in implementing a human-centered design (HCD) approach during the early stages of the software development of a complex system. These methods are commonly adopted to ensure that the systems are designed based on users needs. For this project, they are also used to investigate the users potential trust issues and ensure the creation of a trustworthy platform. However, the project stage and heterogeneity of the teams can pose obstacles to their implementation. The results of the implementation of HCD methods have shown to be effective and informed the creation of low fidelity prototypes. The outcomes of this process can assist other designers, developers, and researchers in creating trustworthy AI solutions.
Authored by Gabriela Beltrao, Iuliia Paramonova, Sonia Sousa
The continuously growing importance of today’s technology paradigms such as the Internet of Things (IoT) and the new 5G/6G standard open up unique features and opportunities for smart systems and communication devices. Famous examples are edge computing and network slicing. Generational technology upgrades provide unprecedented data rates and processing power. At the same time, these new platforms must address the growing security and privacy requirements of future smart systems. This poses two main challenges concerning the digital processing hardware. First, we need to provide integrated trustworthiness covering hardware, runtime, and the operating system. Whereas integrated means that the hardware must be the basis to support secure runtime and operating system needs under very strict latency constraints. Second, applications of smart systems cover a wide range of requirements where "one- chip-fits-all" cannot be the cost and energy effective way forward. Therefore, we need to be able to provide a scalable hardware solution to cover differing needs in terms of processing resource requirements.In this paper, we discuss our research on an integrated design of a secure and scalable hardware platform including a runtime and an operating system. The architecture is built out of composable and preferably simple components that are isolated by default. This allows for the integration of third-party hardware/software without compromising the trusted computing base. The platform approach improves system security and provides a viable basis for trustworthy communication devices.
Authored by Friedrich Pauls, Sebastian Haas, Stefan Kopsell, Michael Roitzsch, Nils Asmussen, Gerhard Fettweis
In order to assess the fire risk of the intelligent buildings, a trustworthy classification model was developed, which provides model supporting for the classification assessment of fire risk in intelligent buildings under the urban intelligent firefight construction. The model integrates Bayesian Network (BN) and software trustworthy computing theory and method, designs metric elements and attributes to assess fire risk from four dimensions of fire situation, building, environment and personnel; BN is used to calculate the risk value of fire attributes; Then, the fire risk attribute value is fused into the fire risk trustworthy value by using the trustworthy assessment model; This paper constructs a trustworthy classification model for intelligent building fire risk, and classifies the fire risk into five ranks according to the trustworthy value and attribute value. Taking the Shanghai Jing’an 11.15 fire as an example case, the result shows that the method provided in this paper can perform fire risk assessment and classification.
Authored by Weilin Wu, Na Wang, Yixiang Chen
Taking the sellers’ trustworthiness as a mediation variable, this paper mainly examines the impact of online reviews on the consumers’ purchase decisions. Conducting an online survey, we collect the corresponding data to conduct the hypothesis test by using the SPSS software. We find that the quality of online reviews has a positive impact on consumers’ perceived values and sellers’ trustworthiness. The timeliness of online reviews has a positive impact on consumers’ perceived values, which can have a positive impact on sellers’ trustworthiness. An interesting observation indicates that the perceived values can indirectly influence consumers’ purchase decisions by taking sellers’ trustworthiness as a mediation variable. The sellers’ trustworthiness has a positive impact on consumers’ purchase decisions. We believe that our findings can help online sellers to better manage online reviews.
Authored by Xiaohu Qian, Yunxia Li, Mingqiang Yin, Fan Yang
Software trustworthiness evaluation (STE) is regarded as a Multi-Criteria Decision Making (MCDM) problem that consists of criteria. However, most of the current STE do not consider the relationships between criteria. This paper presents a software trustworthiness evaluation method based on the relationships between criteria. Firstly, the relationships between criteria is described by cooperative and conflicting degrees between criteria. Then, a measure formula for the substitutivity between criteria is proposed and the cooperative degree between criteria is taken as the approximation of the substitutivity between criteria. With the help of the substitutivity between criteria, the software trustworthiness measurement model obtained by axiomatic approaches is applied to aggregate the degree to which each optional software product meets each objective. Finally, the candidate software products are sorted according to the trustworthiness aggregation results, and the optimal product is obtained from the alternative software products on the basis of the sorting results. The effectiveness of the proposed method is demonstrated through case study.
Authored by Hongwei Tao
Cloud computing has since been turned into the most transcendental growth. This creative invention provides forms of technology and software assistance to companies. Cloud computing is a crucial concept for the distribution of information on the internet. Virtualization is a focal point for supporting cloud resources sharing. The secrecy of data management is the essential warning for the assurance of computer security such that cloud processing will not have effective privacy safety. All subtleties of information relocation to cloud stay escaped the clients. In this review, the effective mobility techniques for privacy and secured cloud computing have been studied to support the infrastructure as service.
Authored by Betty Samuel, Saahira Ahamed, Padmanayaki Selvarajan
The 5G technology ensures reliable and affordable broadband access worldwide, increases user mobility, and assures reliable and affordable connectivity of a wide range of electronic devices such as the Internet of Things (IoT).SDN (Software Defined Networking), NFV ( Network Function Virtualization), and cloud computing are three technologies that every technology provider or technology enabler tries to incorporate into their products to capitalize on the useability of the 5th generation.The emergence of 5G networks and services expands the range of security threats and leads to many challenges in terms of user privacy and security. The purpose of this research paper is to define the security challenges and threats associated with implementing this technology, particularly those affecting user privacy. This research paper will discuss some solutions related to the challenges that occur when implementing 5G, and also will provide some guidance for further development and implementation of a secure 5G system.
Authored by Aysha Alfaw, Alauddin Al-Omary
The digital transformation brought on by 5G is redefining current models of end-to-end (E2E) connectivity and service reliability to include security-by-design principles necessary to enable 5G to achieve its promise. 5G trustworthiness highlights the importance of embedding security capabilities from the very beginning while the 5G architecture is being defined and standardized. Security requirements need to overlay and permeate through the different layers of 5G systems (physical, network, and application) as well as different parts of an E2E 5G architecture within a risk-management framework that takes into account the evolving security-threats landscape. 5G presents a typical use-case of wireless communication and computer networking convergence, where 5G fundamental building blocks include components such as Software Defined Networks (SDN), Network Functions Virtualization (NFV) and the edge cloud. This convergence extends many of the security challenges and opportunities applicable to SDN/NFV and cloud to 5G networks. Thus, 5G security needs to consider additional security requirements (compared to previous generations) such as SDN controller security, hypervisor security, orchestrator security, cloud security, edge security, etc. At the same time, 5G networks offer security improvement opportunities that should be considered. Here, 5G architectural flexibility, programmability and complexity can be harnessed to improve resilience and reliability. The working group scope fundamentally addresses the following: •5G security considerations need to overlay and permeate through h the different layers of the 5G systems (physical, network, and application) as well as different parts of an E2E 5G architecture including a risk management framework that takes into account the evolving security threats landscape. •5G exemplifies a use-case of heterogeneous access and computer networking convergence, which extends a unique set of security challenges and opportunities (e.g., related to SDN/NFV and edge cloud, etc.) to 5G networks. Similarly, 5G networks by design offer potential security benefits and opportunities through harnessing the architecture flexibility, programmability and complexity to improve its resilience and reliability. •The IEEE FNI security WG s roadmap framework follows a taxonomic structure, differentiating the 5G functional pillars and corresponding cybersecurity risks. As part of cross collaboration, the security working group will also look into the security issues associated with other roadmap working groups within the IEEE Future Network Initiative.
Authored by Ashutosh Dutta, Eman Hammad, Michael Enright, Fawzi Behmann, Arsenia Chorti, Ahmad Cheema, Kassi Kadio, Julia Urbina-Pineda, Khaled Alam, Ahmed Limam, Fred Chu, John Lester, Jong-Geun Park, Joseph Bio-Ukeme, Sanjay Pawar, Roslyn Layton, Prakash Ramchandran, Kingsley Okonkwo, Lyndon Ong, Marc Emmelmann, Omneya Issa, Rajakumar Arul, Sireen Malik, Sivarama Krishnan, Suresh Sugumar, Tk Lala, Matthew Borst, Brad Kloza, Gunes Kurt
In this fast growing technology and tight integration of physical devices in conventional networks, the resource management and adaptive scalability is a problematic undertaking particularly when it comes to network security measures. Current work focuses on software defined network (SDN) and network function virtualization (NFV) based security solution to address problems in network and security management. However, deployment, configuration and implementation of SDN/NFVbased security solution remains a real challenge. To overcome this research challenge, this paper presents the implementation of SDN-NFVs based network security solution. The proposed methodology is based on using open network operating system (ONOS) SDN Controller with Zodiac FX Openflow switches and virtual network functions (VNF). VNF comprises of virtual security functions (VSF) which includes firewall, intrusion prevention system (IPS) and intrusion detection system (IDS). One of the main contributions of this research is the implementation of security solution of an enterprise, utilizing SDN-NFV platform and commodity hardware. We demonstrate the successful implementation, configuration and deployment of the proposed NFVbased network security solution for an enterprise.
Authored by Rizwan Saeed, Safwan Qureshi, Muhammad Farooq, Muhammad Zeeshan
5G core network introduces service based architecture, software defined network, network function virtualization and other new technologies, showing the characteristics of IT and Internet. The new architecture and new technologies not only bring convenience to 5G but also introduce new security threats, especially the unknown security threats caused by unknown vulnerabilities or backdoors. This paper mainly introduces the security threats after the application of software defined network, network function virtualization and other technologies to 5G, summarizes the security solutions proposed by standardization organizations and academia, and puts forward a new idea of building a high-level secure 5G core network based on the endogenous safety and security.
Authored by Wei You, Mingyan Xu, Deqiang Zhou
This paper is an in-depth analysis of Virtualization Software, specifically – Oracle VM VirtualBox. Here, we analyze the existing system and determine the first two phases of the Secure Software Development Process. Here we go over the requirements elicitation, the architecture, and design phases of the secure software development lifecycle. We selected SQUARE methodology to identify the security requirements. Also, we used the Microsoft Threat Modeler tool for threat modeling. Finally, we identified major secure design patterns.
Authored by Rida Khan, Nouf AlHarbi, Ghadi AlGhamdi, Lamia Berriche
The experimental results demonstrated that, With the development of cloud computing, more and more people use cloud computing to do all kinds of things. However, for cloud computing, the most important thing is to ensure the stability of user data and improve security at the same time. From an analysis of the experimental results, it can be found that Cloud computing makes extensive use of technical means such as computing virtualization, storage system virtualization and network system virtualization, abstracts the underlying physical facilities into external unified interfaces, maps several virtual networks with different topologies to the underlying infrastructure, and provides differentiated services for external users. By comparing and analyzing the experimental results, it is clear that virtualization technology will be the main way to solve cloud computing security. Virtualization technology introduces a virtual layer between software and hardware, provides an independent running environment for applications, shields the dynamics, distribution and differences of hardware platforms, supports the sharing and reuse of hardware resources, provides each user with an independent and isolated computer environment, and facilitates the efficient and dynamic management and maintenance of software and hardware resources of the whole system. Applying virtualization technology to cloud security reduces the hardware cost and management cost of "cloud security" enterprises to a certain extent, and improves the security of "cloud security" technology to a certain extent. This paper will outline the basic cloud computing security methods, and focus on the analysis of virtualization cloud security technology.
Authored by Jiaxing Zhang
To improve the quality of network security service, the physical device service mode in traditional security service is improved, and the NFV network security service system is constructed by combining software defined networking (SDN) and network function virtualization technology (NFV). Where, network service is provided in the form of security service chain, and Web security scan service is taken as the task, finally the implementation and verification of the system are carried out. The test result shows that the security service system based on NFV can balance the load between the security network service devices in the Web security scan, which proves that the network security system based on software defined security and NFV technology can meet certain service requirements, and lays the research foundation for the improvement of the subsequent user network security service.
Authored by Lei Wang, SiJiang Xie, Can Cao, Chen Li