Microelectronics Security - In this paper, we present research on the analysis of the design space for cybersecurity visualizations in VizSec. At the beginning of this research, we analyzed 17 survey papers in the field of cybersecurity visualization. Based on the analysis of the focus areas in each of these survey papers, we identified five key components of visualization design, i.e. Input Data, Security Tasks, Visual Encoding, Interactivity, and Evaluation. To show how research papers align with these components, we analyzed 60 papers published at the IEEE Symposium on Visualization for Cyber Security (VizSec) between 2016 and 2021 in the context of the five identified components. As a result, each research paper was classified into several categories derived from the selected components of the visualization design. Our contributions are: (i) an analysis of the focus areas in survey papers on cybersecurity visualization and (ii) the classification of 60 research papers in the context of the selected components of the visualization design. Finally, we highlighted the main findings of the analysis and drew conclusions.

Microelectronics Security - A mail spoofing attack is a harmful activity that modifies the source of the mail and trick users into believing that the message originated from a trusted sender whereas the actual sender is the attacker. Based on the previous work, this paper analyzes the transmission process of an email. Our work identifies new attacks suitable for bypassing SPF, DMARC, and Mail User Agent’s protection mechanisms. We can forge much more realistic emails to penetrate the famous mail service provider like Tencent by conducting the attack. By completing a large-scale experiment on these well-known mail service providers, we find some of them are affected by the related vulnerabilities. Some of the bypass methods are different from previous work. Our work found that this potential security problem can only be effectively protected when all email service providers have a standard view of security and can configure appropriate security policies for each email delivery node. In addition, we also propose a mitigate method to defend against these attacks. We hope our work can draw the attention of email service providers and users and effectively reduce the potential risk of phishing email attacks on them.

Microelectronics Security - The boundaries between the real world and the virtual world are going to be blurred by Metaverse. It is transforming every aspect of humans to seamlessly transition from one virtual world to another. It is connecting the real world with the digital world by integrating emerging tech like 5G, 3d reconstruction, IoT, Artificial intelligence, digital twin, augmented reality (AR), and virtual reality (VR). Metaverse platforms inherit many security \& privacy issues from underlying technologies, and this might impede their wider adoption. Emerging tech is easy to target for cybercriminals as security posture is in its infancy. This work elaborates on current and potential security, and privacy risks in the metaverse and put forth proposals and recommendations to build a trusted ecosystem in a holistic manner.

Microelectronics Security - The need for safe large data storage services is at an all-time high and confidentiality is a fundamental need of any service. Consideration must also be given to service customer anonymity, one of the most important privacy considerations. As a result, the service should offer realistic and fine-grained [11] encrypted data sharing, which allows a data owner to share a cipher text of data with others under certain situations. In order to accomplish the aforesaid characteristics, our system offers a novel privacy- preserving cipher text multi-sharing technique. In this way, proxy re-encryption and anonymity are combined to allow many receivers to safely and conditionally receive a cipher text while maintaining the confidentiality of the underlying message and the identities of the senders and recipients. In this paper, a logical cloud security scheme is introduced called Modified Data Cipher Policies (MDCP), in which it is a new primitive also protects against known cipher text attacks, as demonstrated by the system.

Microelectronics Security - In recent years, information and communication systems have experienced serious security issues due to the rising popularity of image-sharing platforms and the ubiquity of numerous smart electronic devices. The increased volume of data generated by the medical and clinical communities necessitates the use of such advanced platforms for data exchange. As a result, the implementation of improved procedures and resources in terms of storage and security is essential. This research proposes a novel medical image encryption method based on chaos sequence and the modified Twofish algorithm. A quick and more efficient algorithm than current methods is built using chaos-based image encryption methods. The modified algorithm can be applied for hardware applications.

Microelectronics Security - By analyzing the current research status at home and abroad, researching and analyzing the system requirements, we develops and designs an environmental and security system based on NB-IoT and ZigBee protocols, so that the sensor data collected on the device side can realize realtime data monitoring and home environment safety alarm on the open-source control platform and user terminal. Finally, we test and demonstrate the system and summarize the results and future prospects.

Microelectronics Security - In practice, different styles of side channel attacks can utilize the leakages of a crypto device to recover the used secret key, which can pose a serious threat on the physical security of a crypto device. Among different styles of side channel attacks, template attack can be information theoretically the strongest attack style. However, numerical problems can seriously influence the key-recovery efficiency of template attack in practice, which can make template attack useless in practice. In light of this, the variance analysis based distinguisher is proposed for template attack. Compared with the classical template attack, variance analysis based template attack can reduce the computational complexity of template attack from O(d3) to O(d), where d denotes the number of interesting points. Besides, numerical problems do not exist anymore. Therefore, a large number of interesting points can be chosen to enlarge the leakage exploitation and accordingly optimize the key-recovery efficiency of template attack. The key-recovery efficiency of variance analysis based template attack is evaluated in both simulated and real scenarios, and the evaluation results show that compared with the classical template attack, variance analysis based template attack can maintain a high key-recovery efficiency while significantly decrease the number of traces that should be used in the profiling phase of template attack.

Microelectronics Security - In this paper, we propose a Chaotic Probability Constellation Shaping (CPCS) method in Free-Space Optical (FSO) communication to enhance security and improve the performance of the transmission data. Gather as many points as possible in the middle via chaotic controlling. The influence of turbulence on the signal transmission can be attenuated to the minimum. In the simulation, a ratio of 56Gb/s 16-QAM signal is transmitted 1-km space channel with an attenuation index of 10dB/km. The CPCS technique can improve almost 0.5 dB optical signal noise ratio (OSNR) performance @10-3 BER than that of the related original signal. Simulation results indicate that the proposed method not only enhances the security but also improves the BER performance.

Microelectronics Security - With the increasing improvement of network security technology, network security management is forming a closedloop process of transitioning from post-fire fighting to prechecking, real-time monitoring and protection, and postdisposal reinforcement. This paper introduces a new system based on network asset risk assessment and network asset security protection, which is capable of detecting unrepaired security vulnerabilities in network assets and monitoring users’ assets for compliance, and notifying them if there are problems, and also has SYSLOG asset upload technology for uploading asset changes.

Microelectronics Security - Web application security is the most important area when it comes to developing a web application. Many web applications having vulnerabilities due to poor implementation of security measures. These web applications will be deployed without fixing the vulnerabilities thus becomes vulnerable to many cyber-attacks. Simple attacks like brute-force and NoSQL injection could give unauthorized access to the user accounts. This leads to user privacy issues which could create huge loss to the organizations. These vulnerabilities can be fixed by implementing the necessary security measures while developing the web application. OWASP (Open Web Application Security Project) is a non-profit organization which gives the severity, impact and prevention methods about Top 10 vulnerabilities in web applications. This research deals with the implementation of bestsecurity practices for Node.js web applications in detail. This research paper proposes the security mechanisms for attacks related to front-end, middleware and backend web development using OWASP suggestions. The main focus of this research paper is on prevention of Denial-of-service attack, Brute force attack, NoSQL injection attack and Unrestricted file upload vulnerability.The proposed prevention methods are implemented in a web application to test the defensive mechanisms against the mentionedvulnerabilities.