In the context of the Internet of Things (IoT), lightweight block ciphers are of vital importance. Due to the nature of the devices involved, traditional security solutions can add overhead and perhaps inhibit the application's objective due to resource limits. Lightweight cryptography is a novel suite of ciphers that aims to provide hardware-constrained devices with a high level of security while maintaining a low physical cost and high performance. In this paper, we are going to evaluate the performance of some of the recently proposed lightweight block ciphers (GIFT-COFB, Romulus, and TinyJAMBU) on the Arduino Due. We analyze data on each algorithm's performance using four metrics: average encryption and decryption execution time; throughput; power consumption; and memory utilization. Among our chosen ciphers, we find that TinyJAMBU and GIFT-COFB are excellent choices for resource-constrained IoT devices.

The design of efficient and secure cryptographic algorithms is a fundamental problem of cryptography. Due to the tight cost and constrained resources devices such as Radio-Frequency IDentification (RFID), wireless sensors, smart cards, health-care devices, lightweight cryptography has received a great deal of attention. Recent research mainly focused on designing optimized cryptographic algorithms which trade offs between security performance, time consuming, energy consumption and cost. In this paper, we present two chaotic stream ciphers based on chaos and we report the results of a comparative performance evaluation study. Compared to other crypto-systems of the literature, we demonstrate that our designed stream ciphers are suitable for practical secure applications of the Internet of Things (IoT) in a constrained resource environment.

Lightweight cryptography is a novel diversion from conventional cryptography that targets internet-of-things (IoT) platform due to resource constraints. In comparison, it offers smaller cryptographic primitives such as shorter key sizes, block sizes and lesser energy drainage. The main focus can be seen in algorithm developments in this emerging subject. Thus, verification is carried out based upon theoretical (mathematical) proofs mostly. Among the few available side-channel analysis studies found in literature, the highest percentage is taken by power attacks. PRESENT is a promising lightweight block cipher to be included in IoT devices in the near future. Thus, the emphasis of this paper is on lightweight cryptology, and our investigation shows unavailability of a correlation electromagnetic analysis (CEMA) of it. Hence, in an effort to fill in this research gap, we opted to investigate the capabilities of CEMA against the PRESENT algorithm. This work aims to determine the probability of secret key leakage with a minimum number of electromagnetic (EM) waveforms possible. The process initially started from a simple EM analysis (SEMA) and gradually enhanced up to a CEMA. This paper presents our methodology in attack modelling, current results that indicate a probability of leaking seven bytes of the key and upcoming plans for optimisation. In addition, introductions to lightweight cryptanalysis and theories of EMA are also included.

In this paper, two lightweight cryptography methods were introduced and developed on hardware. The PRESENT lightweight block cipher, and the DM-PRESENT lightweight hash function were implemented on Intel FPGA. The PRESENT core with 64-bit block data and 80-bit data key consumes 2,945 logic element, 1,824 registers, and 273,408 memory bits. Meanwhile, the DM-PRESENT core with 64-bit input and 80-bit key consumes 2,336 logic element, 1,380 registers, and 273,408 memory bits. The PRESENT core with 128-bit key and DM-PRESENT based on this core were also implemented. These cores were simulated for functional verification and embedded in NIOS II for implementation possibility on hardware. They consumed less logic resources and power consumption compared with conventional cryptography methods.

This paper explores high throughput architectures for the substitution modules, which are an integral component of encryption algorithms. The security algorithms chosen belong to the category of lightweight crypto-primitives suitable for pervasive computing. The focus of this work is on the implementation of encryption algorithms on hardware platforms to improve speed and facilitate optimization in the area and power consumption of the design. In this work, the architecture for the encryption algorithms' substitution box (S-box) is modified using switching circuits (i.e., MUX-based) along with a logic generator and included in the overall cipher design. The modified architectures exhibit high throughput and consume less energy in comparison to the state-of-the-art designs. The percentage increase in throughput or maximum frequency differs according to the chosen algorithms discussed elaborately in this paper. The evaluation of various metrics specific to the design are executed at RFID-specific frequency so that they can be deployed in an IoT environment. The designs are mainly simulated and compared on Nexys4 DDR FPGA platform, along with a few other FPGAs, to meet similar design and implementation environments for a fair comparison. The application of the proposed S-box modification is explored for the healthcare scenario with promising results.

With the development of the Internet of Things (IoT), the demand for lightweight cipher came into being. At the same time, the security of lightweight cipher has attracted more and more attention. FESH algorithm is a lightweight cipher proposed in 2019. Relevant studies have proved that it has strong ability to resist differential attack and linear attack, but its research on resisting side-channel attack is still blank. In this paper, we first introduce a correlation power analysis for FESH algorithm and prove its effectiveness by experiments. Then we propose a mask scheme for FESH algorithm, and prove the security of the mask. According to the experimental results, protected FESH only costs 8.6%, 72.3%, 16.7% of extra time, code and RAM.

Recent years have witnessed impressive advances in technology which led to the rapid growth of the Internet of Things (IoT) and Wireless Sensor Networks (WSNs) using numerous low-powered devices with a huge number of actuators and sensors. These devices gather and exchange data over the internet and generate enormous amounts of data needed to be secured. Although traditional cryptography provides an efficient means of addressing device and communication confidentiality, integrity, and authenticity issues, it may not be appropriate for very resource-constrained systems, particularly for end-nodes such as a simply connected sensor. Thus, there is an ascent need to use lightweight cryptography (LWC) providing the needed level of security with less complexity, area and energy overhead. In this paper, four lightweight cryptographic algorithms called PRESENT, LED, Piccolo, and SPARX were implemented over a Contiki-based IoT operating system, dedicated for IoT platforms, and assessed regarding RAM and ROM usage, power and energy consumption, and CPU cycles number. The Cooja network simulator is used in this study to determine the best lightweight algorithms to use in IoT applications utilizing wireless sensor networks technology.

Scan-based test methodology is one of the most popular test techniques in VLSI circuits. This methodology increases the testability which in turn improves the fault coverage. For this purpose, the technique uses a chain of scan cells. This becomes a source of attack for an attacker who can observe / control the internal states and use the information for malicious purposes. Hence, security becomes the main concern in the Integrated Circuit (IC) domain since scan chains are the main reason for leakage of confidential information during testing phase. These leakages will help attackers in reverse engineering. Measures against such attacks have to be taken by encrypting the data which flows through the scan chains. Lightweight ciphers can be used for scan chain encryption. In this work, encryption of scan data is done for ISCAS-89 benchmarks and the performance and security properties are evaluated. Lightweight stream and block ciphers are used to perform scan encryption. A comparative analysis between the two techniques is performed in par with the functions related to design cost and security properties.

In recent years, the use of the Internet of Things (IoT) has increased rapidly in different areas. Due to many IoT applications, many limitations have emerged such as power consumption and limited resources. The security of connected devices is becoming more and more a primary need for the reliability of systems. Among other things, power consumption remains an essential constraint with a major impact on the quality of the encryption system. For these, several lightweight cryptography algorithms were proposed and developed. The PRESENT algorithm is one of the lightweight block cipher algorithms that has been proposed for a highly restrictive application. In this paper, we have proposed an efficient hardware serial architecture that uses 16 bits for data path encryption. It uses fewer FPGA resources and achieves higher throughput compared to other existing hardware applications.

We use mobile apps on a daily basis and there is an app for everything. We trust these applications with our most personal data. It is therefore important that these apps are as secure and well usable as possible. So far most studies on the maintenance and security of mobile applications have been done on Android applications. We do, however, not know how well these results translate to iOS.This research project aims to close this gap by analysing iOS applications with regards to maintainability and security. Regarding maintainability, we analyse code smells in iOS applications, the evolution of code smells in iOS applications and compare code smell distributions in iOS and Android applications. Regarding security, we analyse the evolution of the third-party library dependency network for the iOS ecosystem. Additionally, we analyse how publicly reported vulnerabilities spread in the library dependency network.Regarding maintainability, we found that the distributions of code smells in iOS and Android applications differ. Code smells in iOS applications tend to correspond to smaller classes, such as Lazy Class. Regarding security, we found that the library dependency network of the iOS ecosystem is not growing as fast as in some other ecosystems. There are less dependencies on average than for example in the npm ecosystem and, therefore, vulnerabilities do not spread as far.

Driven by the progress of data and compute-intensive methods in various scientific domains, there is an in-creasing demand from researchers working with highly sensitive data to have access to the necessary computational resources to be able to adapt those methods in their respective fields. To satisfy the computing needs of those researchers cost-effectively, it is an open quest to integrate reliable security measures on existing High Performance Computing (HPC) clusters. The fundamental problem with securely working with sensitive data is, that HPC systems are shared systems that are typically trimmed for the highest performance - not for high security. For instance, there are commonly no additional virtualization techniques employed, thus, users typically have access to the host operating system. Since new vulnerabilities are being continuously discovered, solely relying on the traditional Unix permissions is not secure enough. In this paper, we discuss a generic and secure workflow that can be implemented on typical HPC systems allowing users to transfer, store and analyze sensitive data. In our experiments, we see an advantage in the asynchronous execution of IO requests, while reaching 80 % of the ideal performance.

We have proposed a new Smart Meter Application (SMA) Framework. This application registers consumers at utility provider (Electricity), takes the meter reading for electricity and makes billing. The proposed application might offer higher level of flexibility and security, time saving and trustworthiness between consumers and authority offices. It’s expected that the application will be developed by Flutter to support Android and iOS Mobile Operating Systems.

Flush-based cache attacks like Flush+Reload and Flush+Flush are highly precise and effective. Most of the flush-based attacks provide high accuracy in controlled and isolated environments where attacker and victim share OS pages. However, we observe that these attacks are prone to low accuracy on a noisy multi-core system with co-running applications. Two root causes for the varying accuracy of flush-based attacks are: (i) the dynamic nature of core frequencies that fluctuate depending on the system load, and (ii) the relative placement of victim and attacker threads in the processor, like same or different physical cores. These dynamic factors critically affect the execution latency of key instructions like clflush and mov, rendering the pre-attack calibration step ineffective.We propose DABANGG, a set of novel refinements to make flush-based attacks resilient to system noise by making them aware of frequency and thread placement. First, we introduce pre-attack calibration that is aware of instruction latency variation. Second, we use low-cost attack-time optimizations like fine-grained busy waiting and periodic feedback about the latency thresholds to improve the effectiveness of the attack. Finally, we provide victim-specific parameters that significantly improve the attack accuracy. We evaluate DABANGG-enabled Flush+Reload and Flush+Flush attacks against the standard attacks in side-channel and covert-channel experiments with varying levels of compute, memory, and IO-intensive system noise. In all scenarios, DABANGG+Flush+Reload and DABANGG+Flush+Flush outperform the standard attacks in stealth and accuracy.

With the growth of mobile computing techniques, mobile gambling scams have seen a rampant increase in the recent past. In mobile gambling scams, miscreants deliver scamming messages via mobile instant messaging, host scam gambling platforms on mobile apps, and adopt mobile payment channels. To date, there is little quantitative knowledge about how this trending cybercrime operates, despite causing daily fraud losses estimated at more than \$\$\$522,262 USD. This paper presents the first empirical study based on ground-truth data of mobile gambling scams, associated with 1,461 scam incident reports and 1,487 gambling scam apps, spanning from January 1, 2020 to December 31, 2020. The qualitative and quantitative analysis of this ground-truth data allows us to characterize the operational pipeline and full fraud kill chain of mobile gambling scams. In particular, we study the social engineering tricks used by scammers and reveal their effectiveness. Our work provides a systematic analysis of 1,068 confirmed Android and 419 iOS scam apps, including their development frameworks, declared permissions, compatibility, and backend network infrastructure. Perhaps surprisingly, our study unveils that public online app generators have been abused to develop gambling scam apps. Our analysis reveals several payment channels (ab)used by gambling scam app and uncovers a new type of money mule-based payment channel with the average daily gambling deposit of \$\$\$400,000 USD. Our findings enable a better understanding of the mobile gambling scam ecosystem, and suggest potential avenues to disrupt these scam activities.

A recently emerged cellular network based One-Tap Authentication (OTAuth) scheme allows app users to quickly sign up or log in to their accounts conveniently: Mobile Network Operator (MNO) provided tokens instead of user passwords are used as identity credentials. After conducting a first in-depth security analysis, however, we have revealed several fundamental design flaws among popular OTAuth services, which allow an adversary to easily (1) perform unauthorized login and register new accounts as the victim, (2) illegally obtain identities of victims, and (3) interfere OTAuth services of legitimate apps. To further evaluate the impact of our identified issues, we propose a pipeline that integrates both static and dynamic analysis. We examined 1,025/894 Android/iOS apps, each app holding more than 100 million installations. We confirmed 396/398 Android/iOS apps are affected. Our research systematically reveals the threats against OTAuth services. Finally, we provide suggestions on how to mitigate these threats accordingly.

The prevalence of mobile devices (smartphones) along with the availability of high-speed internet access world-wide resulted in a wide variety of mobile applications that carry a large amount of confidential information. Although popular mobile operating systems such as iOS and Android constantly increase their defenses methods, data shows that the number of intrusions and attacks using mobile applications is rising continuously. Experts use techniques to detect malware before the malicious application gets installed, during the runtime or by the network traffic analysis. In this paper, we first present the information about different categories of mobile malware and threats; then, we classify the recent research methods on mobile malware traffic detection.

Service-oriented architecture (SOA) is a widely adopted architecture that uses web services, which have become increasingly important in the development and integration of applications. Its purpose is to allow information system technologies to interact by exchanging messages between sender and recipient using the simple object access protocol (SOAP), an XML document, or the HTTP protocol. We will attempt to provide an overview and analysis of standards in the field of web service security, specifically SOAP messages, using Kerberos authentication, which is a computer network security protocol that provides users with high security for requests between two or more hosts located in an unreliable location such as the internet.Everything that has to do with Kerberos has to deal with systems that rely on data authentication.

Kerberos protocol is a derivative type of server used for the authentication purpose. Kerberos is a network-based authentication protocol which communicates the tickets from one network to another in a secured manner. Kerberos protocol encrypts the messages and provides mutual authentication. Kerberos uses the symmetric cryptography which uses the public key to strengthen the data confidentiality. The KDS Key Distribution System gives the center of securing the messages. Kerberos has certain disadvantages as it provides public key at both ends. In this proposed approach, the Kerberos are secured by using the HMAC Hash-based Message Authentication Code which is used for the authentication of message for integrity and authentication purpose. It verifies the data by authentication, verifies the e-mail address and message integrity. The computer network and security are authenticated by verifying the user or client. These messages which are transmitted and delivered have to be integrated by authenticating it. Kerberos authentication is used for the verification of a host or user. Authentication is based on the tickets on credentials in a secured way. Kerberos gives faster authentication and uses the unique ticketing system. It supports the authentication delegation with faster efficiency. These encrypt the standard by encrypting the tickets to pass the information.

This paper presents a novel authentication method based on a distributed version of Kerberos for UAVs. One of the major problems of UAVs in recent years has been cyber-attacks which allow attackers to control the UAV or access its information. The growing use of UAVs has encouraged us to investigate the methods of their protection especially authentication of their users. In the past, the Kerberos system was rarely used for authentication in UAV systems. In our proposed method, based on a distributed version of Kerberos, we can authenticate multiple ground stations, users, and controllers for one or more UAVs. This method considers most of the security aspects to protect UAV systems mainly in the authentication phase and improves the security of UAVs and ground control stations and their communications considerably.

Trip planning, which targets at planning a trip consisting of several ordered Points of Interest (POIs) under user-provided constraints, has long been treated as an important application for location-based services. The goal of trip planning is to maximize the chance that the users will follow the planned trip while it is difficult to directly quantify and optimize the chance. Conventional methods either leverage statistical analysis to rank POIs to form a trip or generate trips following pre-defined objectives based on constraint programming to bypass such a problem. However, these methods may fail to reflect the complex latent patterns hidden in the human mobility data. On the other hand, though there are a few deep learning-based trip recommendation methods, these methods still cannot handle the time budget constraint so far. To this end, we propose a TIme-aware Neural Trip Planning (TINT) framework to tackle the above challenges. First of all, we devise a novel attention-based encoder-decoder trip generator that can learn the correlations among POIs and generate trips under given constraints. Then, we propose a specially-designed reinforcement learning (RL) paradigm to directly optimize the objective to obtain an optimal trip generator. For this purpose, we introduce a discriminator, which distinguishes the generated trips from real-life trips taken by users, to provide reward signals to optimize the generator. Subsequently, to ensure the feedback from the discriminator is always instructive, we integrate an adversarial learning strategy into the RL paradigm to update the trip generator and the discriminator alternately. Moreover, we devise a novel pre-training schema to speed up the convergence for an efficient training process. Extensive experiments on four real-world datasets validate the effectiveness and efficiency of our framework, which shows that TINT could remarkably outperform the state-of-the-art baselines within short response time.

Resiliency of cyber-physical systems (CPSs) against malicious attacks has been a topic of active research in the past decade due to widely recognized importance. Resilient CPS is capable of tolerating some attacks, operating at a reduced capacity with core functions maintained, and failing gracefully to avoid any catastrophic consequences. Existing work includes an architecture for hierarchical control systems, which is a subset of CPS with wide applicability, that is tailored for resiliency. Namely, the architecture consists of local, network and supervision layers and features such as simplex structure, resource isolation by hypervisors, redundant sensors/actuators, and software defined network capabilities. Existing work also includes methods of ensuring a level of resiliency at each one of the layers, respectively. However, for a holistic system level resiliency, individual methods at each layers must be coordinated in their deployment because all three layers interact for the operation of CPS. For this purpose, a resiliency coordinator for CPS is proposed in this work. The resiliency coordinator is the interconnection of central resiliency coordinator in the supervision layer, network resiliency coordinator in the network layer, and finally, local resiliency coordinators in multiple physical systems that compose the physical layer. We show, by examples, the operation of the resiliency coordinator and illustrate that RC accomplishes a level of attack resiliency greater than the sum of resiliency at each one of the layers separately.

Childcare, a critical infrastructure, played an important role to create community resiliency during the COVID-19 pandemic. By finding pathways to remain open, or rapidly return to operations, the adaptive capacity of childcare providers to offer care in the face of unprecedented challenges functioned to promote societal level mitigation of the COVID-19 pandemic impacts, to assist families in their personal financial recoveries, and to provide consistent, caring, and meaningful educational experiences for society's youngest members. This paper assesses the operational adaptations of childcare centers as a key resource and critical infrastructure during the COVID-19 pandemic in the Greater Rochester, NY metropolitan region. Our findings evaluate the policy, provider mitigation, and response actions documenting the challenges they faced and the solutions they innovated. Implications for this research extend to climate-induced disruptions, including fires, water shortages, electric grid cyberattacks, and other disruptions where extended stay-at-home orders or service critical interventions are implemented.

Power system robustness against high-impact low probability events is becoming a major concern. To depict distinct phases of a system response during these disturbances, an irregular polygon model is derived from the conventional trapezoid model and the model is analytically investigated for transmission system performance, based on which resiliency metrics are developed for the same. Furthermore, the system resiliency to windstorms is evaluated on the IEEE reliability test system (RTS) by performing steady-state and dynamic security assessment incorporating protection modelling and corrective action schemes using the Power System Simulator for Engineering (PSS®E) software. Based on the results of steady-state and dynamic analysis, modified resiliency metrics are quantified. Finally, this paper quantifies the interdependency of operational and infrastructure resiliency as they cannot be considered discrete characteristics of the system.

Recently, Cloud Computing became one of today’s great innovations for provisioning Information Technology (IT) resources. Moreover, a new model has been introduced named Fog Computing, which addresses Cloud Computing paradigm issues regarding time delay and high cost. However, security challenges are still a big concern about the vulnerabilities to both Cloud and Fog Computing systems. Man- in- the- Middle (MITM) is considered one of the most destructive attacks in a Fog Computing context. Moreover, it’s very complex to detect MiTM attacks as it is performed passively at the Software-Defined Networking (SDN) level, also the Fog Computing paradigm is ideally suitable for MITM attacks. In this paper, a MITM mitigation scheme will be proposed consisting of an SDN network (Fog Leaders) which controls a layer of Fog Nodes. Furthermore, Multi-Path TCP (MPTCP) has been used between all edge devices and Fog Nodes to improve resource utilization and security. The proposed solution performance evaluation has been carried out in a simulation environment using Mininet, Ryu SDN controller and Multipath TCP (MPTCP) Linux kernel. The experimental results showed that the proposed solution improves security, network resiliency and resource utilization without any significant overheads compared to the traditional TCP implementation.

An often overlooked but equally important aspect of unmanned aerial system (UAS) design is the security of their networking protocols and how they deal with cyberattacks. In this context, cyberattacks are malicious attempts to monitor or modify incoming and outgoing data from the system. These attacks could target anywhere in the system where a transfer of data occurs but are most common in the transfer of data between the control station and the UAS. A compromise in the networking system of a UAS could result in a variety of issues including increased network latency between the control station and the UAS, temporary loss of control over the UAS, or a complete loss of the UAS. A complete loss of the system could result in the UAS being disabled, crashing, or the attacker overtaking command and control of the platform, all of which would be done with little to no alert to the operator. Fortunately, the majority of higher-end, enterprise, and government UAS platforms are aware of these threats and take actions to mitigate them. However, as the consumer market continues to grow and prices continue to drop, network security may be overlooked or ignored in favor of producing the lowest cost product possible. Additionally, these commercial off-the-shelf UAS often use uniform, standardized frequency bands, autopilots, and security measures, meaning a cyberattack could be developed to affect a wide variety of models with minimal changes. This paper will focus on a low-cost educational-use UAS and test its resilience to a variety of cyberattack methods, including man-in-the-middle attacks, spoofing of data, and distributed denial-of-service attacks. Following this experiment will be a discussion of current cybersecurity practices for counteracting these attacks and how they can be applied onboard a UAS. Although in this case the cyberattacks were tested against a simpler platform, the methods discussed are applicable to any UAS platform attempting to defend against such cyberattack methods.