As we know, change is the only constant present in healthcare services. In this rapidly developing world, the need to drastically improve healthcare performance is essential. Real-time health data monitoring, analysis, and storage securely present us with a highly efficient healthcare system to diagnose, predict, and prevent deadly diseases. Integrating IoT data with blockchain storage technology gives safety and security to the data. The current bottleneck we face while integrating blockchain and IoT is primarily interoperability, scalability, and lack of regulatory frameworks. By integrating Explainable AI into the system, it is possible to overcome some of these bottlenecks between IoT devices and blockchain. XAI acts as a middleware solution, helping in interpreting the predictions and enforcing the standard data communication protocol.
Authored by CH Murthy V, Lawanya Shri
Multi-agent systems offer the advantage of performing tasks in a distributed and decentralized manner, thereby increasing efficiency and effectiveness. However, building these systems also presents challenges in terms of communication, security, and data integrity. Blockchain technology has the potential to address these challenges and to revolutionize the way that data is stored and shared, by providing a tamper-evident log of events in event-driven distributed multi-agent systems. In this paper, we propose a blockchain-based approach for event-sourcing in such systems, which allows for the reliable and transparent recording of events and state changes. Our approach leverages the decentralized nature of blockchains to provide a tamperresistant event log, enabling agents to verify the integrity of the data they rely on.
Authored by Ayman Cherif, Youssef Achir, Mohamed Youssfi, Mouhcine Elgarej, Omar Bouattane
Object Oriented Security - At present, the traditional substation auxiliary control system is faced with the following four problems: poor real-time capability to abnormal response, high dependence on people when solving malfunctions, the communication, deployment and expansion of different underlying devices, and the lack of security mechanism. To solve these problems or optimize the functions, an intelligent substation auxiliary control system is proposed. The system innovatively applies OPC UA to the construction of the auxiliary control system. First, through the use of OPC UA s unique object-oriented modeling method as well as the joint specification modeling of OPC UA and IEC61850, to solve the data communication problems caused by heterogeneous devices. Second, applying the Client/Server mode to realize the remote access from authorized mobile clients and give instructions, to cope with abnormal conditions, which reduces the dependency on people. Clients of other authorized enterprises are allowed to access the working data of the devices they are interested in, makes full use of massive data and ensures the information security of the system. Third, Pub/Sub mode is applied to enable the underlying devices to communicate directly with each other through the middleware, which reduces the response time of equipment joint debugging and improve the real-time performance. In addition, through OPC UA, the industrial data of the system can be transmitted over the Internet, realizing the combination of the Internet of Things and the Internet, which is an idea of the combination of the two in the future.
Authored by Chun Zhu, Binai Li, Zhengyu Lv, Xiaoyu Zhao
Middleware Security - Virtual machine (VM) based application sandboxes leverage strong isolation guarantees of virtualization techniques to address several security issues through effective containment of malware. Specifically, in end-user physical hosts, potentially vulnerable applications can be isolated from each other (and the host) using VM based sandboxes. However, sharing data across applications executing within different sandboxes is a nontrivial requirement for end-user systems because at the end of the day, all applications are used by the end-user owning the device. Existing file sharing techniques compromise the security or efficiency, especially considering lack of technical expertise of many end-users in the contemporary times.
Authored by Saketh Maddamsetty, Ayush Tharwani, Debadatta Mishra
Middleware Security - An evolvable hardware platform (EHWP) based on programmable devices can realize specific hardware function structures by changing the bitstreams. As EHWP becomes more and more widely used in security chips, issues related to hardware security have received focused attention, especially hardware Trojans (HTs). However, current research has focused on implementing defense against HTs in the underlying hardware, with very sparse mitigation solutions for HTs in the overlay/middleware layer. Given this, we attempt to implement an HTs mitigation solution using the characteristics of the EHWP. Specifically, we utilize evolutionary algorithm (EA) to explore new circuit structures to replace the HTsinfected resources, thus avoiding the related security issues. The experimental results show that the scheme proposed in this paper can effectively mitigate the HTs on EHWP.
Authored by Zeyu Li, Zhao Huang, Junjie Wang, Quan Wang
Middleware Security - Online advertisements are a significant element of the Internet ecosystem. Businesses monitor their customers via pushing advertising (Ads). Within minutes, cybercriminals try to defraud and steal data through advertisements. Therefore, the issue of ads must be solved. Ads are obtrusive, a security risk, and they hinder performance and efficiency. Hence, the goal is to create an ad-blocker that would operate across the entire network and prevent advertisement on any website s web pages. To put it another way, it s a little computer with such a SoC (System - On - chip) also referred to as a Raspberry Pi that is merged with a networking system, for which we need to retrain the advertisements. On the home network, software named Pi Hole is used to block websites with advertisements. Any network traffic that passes via devices connected to the home network now passes through the Pi. As a result, the adverts are finally checked out during the Raspberry Pi before they reach the users machine and they will be blocked.
Authored by Harshal Sonawane, Manasi Patil, Shashank Patil, Uma Thakur, Bhavin Patil, Abha Marathe
Middleware Security - Securing IoT networks has been one of recent most active research topics. However, unlike traditional network security, where the emphasis is given on the core network, IoT networks are mostly investigated from the data standpoint. Lightweight data transmission protocols, such as Message Queue Telemetry Transport (MQTT), are often deployed for data-sharing and device authentication due to limited onboard resources. This paper presents the MQTT protocol’s security vulnerabilities by incorporating Elliptic Curve Cryptographybased (ECC-based) security to improve confidentiality issues. We used commercially off-the-shelf (COTS) devices such as Raspberry Pi to build a simplified network topology that connects IoT devices in our smart home laboratory. The results illustrate an ECC-based security application in confidentiality increase of 70.65\% from 29.35\% in time parameter during publish/subscribe communication protocol for the smart home.
Authored by Zainatul Yusoff, Mohamad Ishak, Lukman Rahim, Omer Ali
Middleware Security - Cybersecurity of power hardware is becoming increasingly critical with the emergence of smart and connected devices such as Grid-connected inverters, EVs and their chargers, microgrid controllers, energy storage / energy management controllers, and smart appliances. Cyber-attacks on power hardware have had far-reaching and widespread impacts. For such cyber-physical systems, security must be ensured at all levels in the design - hardware, firmware, software and interfaces. Although previous approaches to cybersecurity have focused mainly on vulnerabilities in the firmware middleware, or software, vulnerabilities in the hardware itself are hard to identify and harder to mitigate, especially when most hardware components are proprietary and not examinable. This paper presents one approach to mitigate this conundrum - a completely open-source implementation of a microcontroller core along with the associated peripherals based on the well-known RISC-V instruction set architecture (ISA). The proof-of-concept architecture presented here uses the “Shakti” E-Class microcontroller core integrated with a fully custom PWM controller implemented in Verilog, and validated on a Xilinx Artix FPGA. For critical applications such designs may be replicated as a custom ASIC thereby guaranteeing total security of the computing hardware.
Authored by S Swakath, Abhijit Kshirsagar, Koteswararao Kondepu, Satish Banavath, Andrii Chub, Dmitri Vinnikov
Middleware Security - Connected devices are being deployed at a steady rate, providing services like data collection. Pervasive applications rely on those edge devices to seamlessly provide services to users. To connect applications and edge devices, using a middleware has been a popular approach. The research is active on the subject as there are many open challenges. The secure management of the edge devices and the security of the middleware are two of them. As security is a crucial requirement for pervasive environment, we propose a middleware architecture easing the secure use of edge devices for pervasive applications, while supporting the heterogeneity of communication protocols and the dynamism of devices. Because of the heterogeneity in protocols and security features, not all edge devices are equally secure. To allow the pervasive applications to gain control over this heterogeneous security, we propose a model to describe edge devices security. This model is accessible by the applications through our middleware. To validate our work, we developed a demonstrator of our middleware and we tested it in a concrete scenario.
Authored by Arthur Desuert, Stéphanie Chollet, Laurent Pion, David Hely
Middleware Security - Web application security is the most important area when it comes to developing a web application. Many web applications having vulnerabilities due to poor implementation of security measures. These web applications will be deployed without fixing the vulnerabilities thus becomes vulnerable to many cyber-attacks. Simple attacks like brute-force and NoSQL injection could give unauthorized access to the user accounts. This leads to user privacy issues which could create huge loss to the organizations. These vulnerabilities can be fixed by implementing the necessary security measures while developing the web application. OWASP (Open Web Application Security Project) is a non-profit organization which gives the severity, impact and prevention methods about Top 10 vulnerabilities in web applications. This research deals with the implementation of bestsecurity practices for Node.js web applications in detail. This research paper proposes the security mechanisms for attacks related to front-end, middleware and backend web development using OWASP suggestions. The main focus of this research paper is on prevention of Denial-of-service attack, Brute force attack, NoSQL injection attack and Unrestricted file upload vulnerability.The proposed prevention methods are implemented in a web application to test the defensive mechanisms against the mentionedvulnerabilities.
Authored by Akshay Kumar, Usha Rani
Middleware Security - Robot Operating System 2 (ROS2) is the latest release of a framework for enabling robot applications. Data Distribution Service (DDS) middleware is used for communication between nodes in a ROS2 cluster. The DDS middleware provides a distributed discovery system, message definitions and serialization, and security. In ROS2, the DDS middleware is accessed through an abstraction layer, making it easy to switch from one implementation to another. The existing middleware implementations differ in a number of ways, e.g., in how they are supported in ROS2, in their support for the security features, their ease of use, their performance, and their interoperability. In this work, the focus is on the ease of use, interoperability, and security features aspects of ROS2 DDS middleware. We compare the ease of installation and ease of use of three different DDS middleware, and test the interoperability of different middleware combinations in simple deployment scenarios. We highlight the difference that enabling the security option makes to interoperability, and conduct performance experiments that show the effect that turning on security has on the communication performance. Our results provide guidelines for choosing and deploying DDS middleware on a ROS2 cluster.
Authored by Max Aartsen, Kanta Banga, Konrad Talko, Dustin Touw, Bertus Wisman, Daniel Meïnsma, Mathias Björkqvist
Microelectronics Security - Web application security is the most important area when it comes to developing a web application. Many web applications having vulnerabilities due to poor implementation of security measures. These web applications will be deployed without fixing the vulnerabilities thus becomes vulnerable to many cyber-attacks. Simple attacks like brute-force and NoSQL injection could give unauthorized access to the user accounts. This leads to user privacy issues which could create huge loss to the organizations. These vulnerabilities can be fixed by implementing the necessary security measures while developing the web application. OWASP (Open Web Application Security Project) is a non-profit organization which gives the severity, impact and prevention methods about Top 10 vulnerabilities in web applications. This research deals with the implementation of bestsecurity practices for Node.js web applications in detail. This research paper proposes the security mechanisms for attacks related to front-end, middleware and backend web development using OWASP suggestions. The main focus of this research paper is on prevention of Denial-of-service attack, Brute force attack, NoSQL injection attack and Unrestricted file upload vulnerability.The proposed prevention methods are implemented in a web application to test the defensive mechanisms against the mentionedvulnerabilities.
Authored by Akshay Kumar, Usha Rani
Connected devices are being deployed at a steady rate, providing services like data collection. Pervasive applications rely on those edge devices to seamlessly provide services to users. To connect applications and edge devices, using a middleware has been a popular approach. The research is active on the subject as there are many open challenges. The secure management of the edge devices and the security of the middleware are two of them. As security is a crucial requirement for pervasive environment, we propose a middleware architecture easing the secure use of edge devices for pervasive applications, while supporting the heterogeneity of communication protocols and the dynamism of devices. Because of the heterogeneity in protocols and security features, not all edge devices are equally secure. To allow the pervasive applications to gain control over this heterogeneous security, we propose a model to describe edge devices security. This model is accessible by the applications through our middleware. To validate our work, we developed a demonstrator of our middleware and we tested it in a concrete scenario.
Authored by Arthur Desuert, Stéphanie Chollet, Laurent Pion, David Hely
Robot Operating System 2 (ROS2) is the latest release of a framework for enabling robot applications. Data Distribution Service (DDS) middleware is used for communication between nodes in a ROS2 cluster. The DDS middleware provides a distributed discovery system, message definitions and serialization, and security. In ROS2, the DDS middleware is accessed through an abstraction layer, making it easy to switch from one implementation to another. The existing middleware implementations differ in a number of ways, e.g., in how they are supported in ROS2, in their support for the security features, their ease of use, their performance, and their interoperability. In this work, the focus is on the ease of use, interoperability, and security features aspects of ROS2 DDS middleware. We compare the ease of installation and ease of use of three different DDS middleware, and test the interoperability of different middleware combinations in simple deployment scenarios. We highlight the difference that enabling the security option makes to interoperability, and conduct performance experiments that show the effect that turning on security has on the communication performance. Our results provide guidelines for choosing and deploying DDS middleware on a ROS2 cluster.
Authored by Max Aartsen, Kanta Banga, Konrad Talko, Dustin Touw, Bertus Wisman, Daniel Meïnsma, Mathias Björkqvist
ROS 2 is rapidly becoming a standard in the robotics industry. Built upon DDS as its default communication middleware and used in safety-critical scenarios, adding secu-rity to robots and ROS computational graphs is increasingly becoming a concern. The present work introduces SROS2, a series of developer tools and libraries that facilitate adding security to ROS 2 graphs. Focusing on a usability-centric approach in SROS2, we present a methodology for securing graphs systematically while following the DevSecOps model. We also demonstrate the use of our security tools by presenting an application case study that considers securing a graph using the popular Navigation2 and SLAM Toolbox stacks applied in a TurtieBot3 robot. We analyse the current capabilities of SROS2 and discuss the shortcomings, which provides insights for future contributions and extensions. Ultimately, we present SROS2 as usable security tools for ROS 2 and argue that without usability, security in robotics will be greatly impaired.
Authored by Victor Mayoral-Vilches, Ruffin White, Gianluca Caiazza, Mikael Arguedas
Virtual machine (VM) based application sandboxes leverage strong isolation guarantees of virtualization techniques to address several security issues through effective containment of malware. Specifically, in end-user physical hosts, potentially vulnerable applications can be isolated from each other (and the host) using VM based sandboxes. However, sharing data across applications executing within different sandboxes is a non-trivial requirement for end-user systems because at the end of the day, all applications are used by the end-user owning the device. Existing file sharing techniques compromise the security or efficiency, especially considering lack of technical expertise of many end-users in the contemporary times. In this paper, we propose MicroBlind, a security hardened file sharing framework for virtualized sandboxes to support efficient data sharing across different application sandboxes. MicroBlind enables a simple file sharing management API for end users where the end user can orchestrate file sharing across different VM sandboxes in a secure manner. To demonstrate the efficacy of MicroBlind, we perform comprehensive empirical analysis against existing data sharing techniques (augmented for the sandboxing setup) and show that MicroBlind provides improved security and efficiency.
Authored by Saketh Maddamsetty, Ayush Tharwani, Debadatta Mishra