Nykänen, Riku, Kärkkäinen, Tommi.  2016.  Supporting Cyber Resilience with Semantic Wiki. Proceedings of the 12th International Symposium on Open Collaboration. :21:1–21:8.

Cyber resilient organizations, their functions and computing infrastructures, should be tolerant towards rapid and unexpected changes in the environment. Information security is an organization-wide common mission; whose success strongly depends on efficient knowledge sharing. For this purpose, semantic wikis have proved their strength as a flexible collaboration and knowledge sharing platforms. However, there has not been notable academic research on how semantic wikis could be used as information security management platform in organizations for improved cyber resilience. In this paper, we propose to use semantic wiki as an agile information security management platform. More precisely, the wiki contents are based on the structured model of the NIST Special Publication 800-53 information security control catalogue that is extended in the research with the additional properties that support the information security management and especially the security control implementation. We present common uses cases to manage the information security in organizations and how the use cases can be implemented using the semantic wiki platform. As organizations seek cyber resilience, where focus is in the availability of cyber-related assets and services, we extend the control selection with option to focus on availability. The results of the study show that a semantic wiki based information security management and collaboration platform can provide a cost-efficient solution for improved cyber resilience, especially for small and medium sized organizations that struggle to develop information security with the limited resources.

Nyasore, O. N., Zavarsky, P., Swar, B., Naiyeju, R., Dabra, S..  2020.  Deep Packet Inspection in Industrial Automation Control System to Mitigate Attacks Exploiting Modbus/TCP Vulnerabilities. 2020 IEEE 6th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). :241–245.

Modbus TCP/IP protocol is a commonly used protocol in industrial automation control systems, systems responsible for sensitive operations such as gas turbine operation and refinery control. The protocol was designed decades ago with no security features in mind. Denial of service attack and malicious parameter command injection are examples of attacks that can exploit vulnerabilities in industrial control systems that use Modbus/TCP protocol. This paper discusses and explores the use of intrusion detection and prevention systems (IDPS) with deep packet inspection (DPI) capabilities and DPI industrial firewalls that have capability to detect and stop highly specialized attacks hidden deep in the communication flow. The paper has the following objectives: (i) to develop signatures for IDPS for common attacks on Modbus/TCP based network architectures; (ii) to evaluate performance of three IDPS - Snort, Suricata and Bro - in detecting and preventing common attacks on Modbus/TCP based control systems; and (iii) to illustrate and emphasize that the IDPS and industrial firewalls with DPI capabilities are not preventing but only mitigating likelihood of exploitation of Modbus/TCP vulnerabilities in the industrial and automation control systems. The results presented in the paper illustrate that it might be challenging task to achieve requirements on real-time communication in some industrial and automation control systems in case the DPI is implemented because of the latency and jitter introduced by these IDPS and DPI industrial firewall.

Nweke, Livinus Obiora, Wolthusen, Stephen D..  2020.  Modelling Adversarial Flow in Software-Defined Industrial Control Networks Using a Queueing Network Model. 2020 IEEE Conference on Communications and Network Security (CNS). :1–6.

In recent years, software defined networking (SDN) has been proposed for enhancing the security of industrial control networks. However, its ability to guarantee the quality of service (QoS) requirements of such networks in the presence of adversarial flow still needs to be investigated. Queueing theory and particularly queueing network models have long been employed to study the performance and QoS characteristics of networks. The latter appears to be particularly suitable to capture the behaviour of SDN owing to the dependencies between layers, planes and components in an SDN architecture. Also, several authors have used queueing network models to study the behaviour of different application of SDN architectures, but none of the existing works have considered the strong periodic network traffic in software-defined industrial control networks. In this paper, we propose a queueing network model for software-defined industrial control networks, taking into account the strong periodic patterns of the network traffic in the data plane. We derive the performance measures for the analytical model and apply the queueing network model to study the effect of adversarial flow in software-defined industrial control networks.

Nweke, Livinus Obiora, Wolthusen, Stephen D..  2020.  Resilience Analysis of Software-Defined Networks Using Queueing Networks. 2020 International Conference on Computing, Networking and Communications (ICNC). :536–542.

Software-Defined Networks (SDN) are being adopted widely and are also likely to be deployed as the infrastructure of systems with critical real-time properties such as Industrial Control Systems (ICS). This raises the question of what security and performance guarantees can be given for the data plane of such critical systems and whether any control plane actions will adversely affect these guarantees, particularly for quality of service in real-time systems. In this paper we study the existing literature on the analysis of SDN using queueing networks and show ways in which models need to be extended to study attacks that are based on arrival rates and service time distributions of flows in SDN.

Nweke, L. O., Weldehawaryat, G. Kahsay, Wolthusen, S. D..  2020.  Adversary Model for Attacks Against IEC 61850 Real-Time Communication Protocols. 2020 16th International Conference on the Design of Reliable Communication Networks DRCN 2020. :1–8.

Adversarial models are well-established for cryptographic protocols, but distributed real-time protocols have requirements that these abstractions are not intended to cover. The IEEE/IEC 61850 standard for communication networks and systems for power utility automation in particular not only requires distributed processing, but in case of the generic object oriented substation events and sampled value (GOOSE/SV) protocols also hard real-time characteristics. This motivates the desire to include both quality of service (QoS) and explicit network topology in an adversary model based on a π-calculus process algebraic formalism based on earlier work. This allows reasoning over process states, placement of adversarial entities and communication behaviour. We demonstrate the use of our model for the simple case of a replay attack against the publish/subscribe GOOSE/SV subprotocol, showing bounds for non-detectability of such an attack.

Nwebonyi, Francis N., Martins, Rolando, Correia, Manuel E..  2018.  Reputation-Based Security System For Edge Computing. Proceedings of the 13th International Conference on Availability, Reliability and Security. :39:1-39:8.

Given the centralized architecture of cloud computing, there is a genuine concern about its ability to adequately cope with the demands of connecting devices which are sharply increasing in number and capacity. This has led to the emergence of edge computing technologies, including but not limited to mobile edge-clouds. As a branch of Peer-to-Peer (P2P) networks, mobile edge-clouds inherits disturbing security concerns which have not been adequately addressed in previous methods. P2P security systems have featured many trust-based methods owing to their suitability and cost advantage, but these approaches still lack in a number of ways. They mostly focus on protecting client nodes from malicious service providers, but downplay the security of service provider nodes, thereby creating potential loopholes for bandwidth attack. Similarly, trust bootstrapping is often via default scores, or based on heuristics that does not reflect the identity of a newcomer. This work has patched these inherent loopholes and improved fairness among participating peers. The use cases of mobile edge-clouds have been particularly considered and a scalable reputation based security mechanism was derived to suit them. BitTorrent protocol was modified to form a suitable test bed, using Peersim simulator. The proposed method was compared to some related methods in the literature through detailed simulations. Results show that the new method can foster trust and significantly improve network security, in comparison to previous similar systems.

Nwabuona, Stanley, Schuss, Markus, Mayer, Simon, Diwold, Konrad, Krammer, Lukas, Einfalt, Alfred.  2018.  Time-Synchronized Data Collection in Smart Grids Through IPv6 over BLE. Proceedings of the 8th International Conference on the Internet of Things. :25:1-25:4.

For the operation of electrical distribution system an increased shift towards smart grid operation can be observed. This shift provides operators with a high level of reliability and efficiency when dealing with highly dynamic distribution grids. Technically, this implies that the support for a bidirectional flow of data is critical to realizing smart grid operation, culminating in the demand for equipping grid entities (such as sensors) with communication and processing capabilities. Unfortunately, the retrofitting of brown-field electric substations in distribution grids with these capabilities is not straightforward - this scenario requires a solution that provides "industry-grade" Internet of Things capabilities at "consumer-grade" prices (e.g., off-the-shelf communication standards and hardware). In this paper, we discuss the particular challenge of precisely time-synchronized wireless data collection in secondary substations that at the same time supports on-site configuration by authorized maintenance personnel through a mobile application: to achieve this, we propose a combined implementation of IPv6 over Bluetooth Low Energy.

Nuthan Munaiah, Andrew Meneely, Benjamin Short, Ryan Wilson, Jordan Tice.  2016.  Are Intrusion Detection Studies Evaluated Consistently? A Systematic Literature Review :18.

Cyberinfrastructure is increasingly becoming target of a wide spectrum of attacks from Denial of Service to large-scale defacement of the digital presence of an organization. Intrusion Detection Systems (IDSs) provide administrators a defensive edge over intruders lodging such malicious attacks. However, with the sheer number of different IDSs available, one has to objectively assess the capabilities of different IDSs to select an IDS that meets specific organizational requirements. A prerequisite to enable such an objective assessment is the implicit comparability of IDS literature. In this study, we review IDS literature to understand the implicit comparability of IDS literature from the perspective of metrics used in the empirical evaluation of the IDS. We identified 22 metrics commonly used in the empirical evaluation of IDS and constructed search terms to retrieve papers that mention the metric. We manually reviewed a sample of 495 papers and found 159 of them to be relevant. We then estimated the number of relevant papers in the entire set of papers retrieved from IEEE. We found that, in the evaluation of IDSs, multiple different metrics are used and the trade-off between metrics is rarely considered. In a retrospective analysis of the IDS literature, we found that the evaluation criteria have been improving over time, albeit marginally. The inconsistencies in the use of evaluation metrics may not enable direct comparison of one IDS to another.

Nursetyo, Arif, Ignatius Moses Setiadi, De Rosal, Rachmawanto, Eko Hari, Sari, Christy Atika.  2019.  Website and Network Security Techniques against Brute Force Attacks using Honeypot. 2019 Fourth International Conference on Informatics and Computing (ICIC). :1–6.

The development of the internet and the web makes human activities more practical, comfortable, and inexpensive. So that the use of the internet and websites is increasing in various ways. Public networks make the security of websites vulnerable to attack. This research proposes a Honeypot for server security against attackers who want to steal data by carrying out a brute force attack. In this research, Honeypot is integrated on the server to protect the server by creating a shadow server. This server is responsible for tricking the attacker into not being able to enter the original server. Brute force attacks tested using Medusa tools. With the application of Honeypot on the server, it is proven that the server can be secured from the attacker. Even the log of activities carried out by the attacker in the shadow server is stored in the Kippo log activities.

Nuqui, Reynaldo, Hong, Junho, Kondabathini, Anil, Ishchenko, Dmitry, Coats, David.  2018.  A Collaborative Defense for Securing Protective Relay Settings in Electrical Cyber Physical Systems. 2018 Resilience Week (RWS). :49–54.

Modern power systems today are protected and controlled increasingly by embedded systems of computing technologies with a great degree of collaboration enabled by communication. Energy cyber-physical systems such as power systems infrastructures are increasingly vulnerable to cyber-attacks on the protection and control layer. We present a method of securing protective relays from malicious change in protective relay settings via collaboration of devices. Each device checks the proposed setting changes of its neighboring devices for consistency and coordination with its own settings using setting rules based on relay coordination principles. The method is enabled via peer-to-peer communication between IEDs. It is validated in a cyber-physical test bed containing a real time digital simulator and actual relays that communicate via IEC 61850 GOOSE messages. Test results showed improvement in cyber physical security by using domain based rules to block malicious changes in protection settings caused by simulated cyber-attacks. The method promotes the use of defense systems that are aware of the physical systems which they are designed to secure.

Nunes, Eric, Shakarian, Paulo, Simari, Gerardo I., Ruef, Andrew.  2016.  Argumentation models for cyber attribution. :837–844.

A major challenge in cyber-threat analysis is combining information from different sources to find the person or the group responsible for the cyber-attack. It is one of the most important technical and policy challenges in cybersecurity. The lack of ground truth for an individual responsible for an attack has limited previous studies. In this paper, we take a first step towards overcoming this limitation by building a dataset from the capture-the-flag event held at DEFCON, and propose an argumentation model based on a formal reasoning framework called DeLP (Defeasible Logic Programming) designed to aid an analyst in attributing a cyber-attack. We build models from latent variables to reduce the search space of culprits (attackers), and show that this reduction significantly improves the performance of classification-based approaches from 37% to 62% in identifying the attacker.
 


Nunes, E., Kulkarni, N., Shakarian, P., Ruef, A., Little, J..  2015.  Cyber-deception and attribution in capture-the-flag exercises. 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). :962–965.

Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is known. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.

Numan-Al-Mobin, A. M., Cross, W. M., Kellar, J. J., Anagnostou, D. E..  2015.  RFID integrated QR code tag antenna. 2015 IEEE MTT-S International Microwave Symposium. :1–3.

This paper presents an entirely new RFID tag antenna design that incorporates the QR (Quick Response) code for security purposes. The tag antenna is designed to work at 2.45 GHz frequency. The RFID integrated QR code tag antenna is printed with an additive material deposition system that enables to produce a low cost tag antenna with extended security.

Nugroho, Yeremia Nikanor, Andika, Ferdi, Sari, Riri Fitri.  2019.  Scalability Evaluation of Aspen Tree and Fat Tree Using NS3. 2019 IEEE Conference on Application, Information and Network Security (AINS). :89–93.

When discussing data center networks (DCN), topology has a significant influence on the availability of data to the host. The performance of DCN is relative to the scale of the network. On a particular network scale, it can even cause a connection to the host to be disconnected due to the overhead of routing information. It takes a long time to get connected again so that the data packet that has been sent is lost. The length of time for updating routing information to all parts of the topology so that it can be reconnected or referred to as the time of convergence is the cause. Scalability of a network is proportional to the time of convergence. This article discusses Aspen Tree and Fat Tree, which is about the modification of multi-root trees that have been modified. In Fat Tree, a final set of hosts from a network can be disconnected from a network topology until there is an update of routing information that is disseminated to each switch on the network, due to a link failure. Aspen Tree is a reference topology because it is considered to reduce convergence time and control the overhead of network failure recovery. The DCN topology performance models are implemented using the open source NS-3 platform to support validation of performance evaluations.

Nugraha, B., Nambiar, A., Bauschert, T..  2020.  Performance Evaluation of Botnet Detection using Deep Learning Techniques. 2020 11th International Conference on Network of the Future (NoF). :141–149.

Botnets are one of the major threats on the Internet. They are used for malicious activities to compromise the basic network security goals, namely Confidentiality, Integrity, and Availability. For reliable botnet detection and defense, deep learning-based approaches were recently proposed. In this paper, four different deep learning models, namely Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), hybrid CNN-LSTM, and Multi-layer Perception (MLP) are applied for botnet detection and simulation studies are carried out using the CTU-13 botnet traffic dataset. We use several performance metrics such as accuracy, sensitivity, specificity, precision, and F1 score to evaluate the performance of each model on classifying both known and unknown (zero-day) botnet traffic patterns. The results show that our deep learning models can accurately and reliably detect both known and unknown botnet traffic, and show better performance than other deep learning models.

Ntshangase, C. S., Shabalala, M. B..  2018.  Encryption Using Finger-Code Generated from Fingerprints. 2018 Conference on Information Communications Technology and Society (ICTAS). :1-5.

In this paper, the literature survey of different algorithms for generating encryption keys using fingerprints is presented. The focus is on fingerprint features called minutiae points where fingerprint ridges end or bifurcate. Minutiae points require less memory and are processed faster than other fingerprint features. In addition, presented is the proposed efficient method for cryptographic key generation using finger-codes. The results show that the length of the key, computing time and the memory it requires is efficient for use as a biometric key or even as a password during verification and authentication.

Nozaki, Yusuke, Yoshikawa, Masaya.  2018.  Area Constraint Aware Physical Unclonable Function for Intelligence Module. 2018 3rd International Conference on Computational Intelligence and Applications (ICCIA). :205-209.

Artificial intelligence technology such as neural network (NN) is widely used in intelligence module for Internet of Things (IoT). On the other hand, the risk of illegal attacks for IoT devices is pointed out; therefore, security countermeasures such as an authentication are very important. In the field of hardware security, the physical unclonable functions (PUFs) have been attracted attention as authentication techniques to prevent the semiconductor counterfeits. However, implementation of the dedicated hardware for both of NN and PUF increases circuit area. Therefore, this study proposes a new area constraint aware PUF for intelligence module. The proposed PUF utilizes the propagation delay time from input layer to output layer of NN. To share component for operation, the proposed PUF reduces the circuit area. Experiments using a field programmable gate array evaluate circuit area and PUF performance. In the result of circuit area, the proposed PUF was smaller than the conventional PUFs was showed. Then, in the PUF performance evaluation, for steadiness, diffuseness, and uniqueness, favorable results were obtained.

Nozaki, Yusuke, Yoshikawa, Masaya.  2019.  Countermeasure of Lightweight Physical Unclonable Function Against Side-Channel Attack. 2019 Cybersecurity and Cyberforensics Conference (CCC). :30–34.

In industrial internet of things, various devices are connected to external internet. For the connected devices, the authentication is very important in the viewpoint of security; therefore, physical unclonable functions (PUFs) have attracted attention as authentication techniques. On the other hand, the risk of modeling attacks on PUFs, which clone the function of PUFs mathematically, is pointed out. Therefore, a resistant-PUF such as a lightweight PUF has been proposed. However, new analytical methods (side-channel attacks: SCAs), which use side-channel information such as power or electromagnetic waves, have been proposed. The countermeasure method has also been proposed; however, an evaluation using actual devices has not been studied. Since PUFs use small production variations, the implementation evaluation is very important. Therefore, this study proposes a SCA countermeasure of the lightweight PUF. The proposed method is based on the previous studies, and maintains power consumption consistency during the generation of response. In experiments using a field programmable gate array, the measured power consumption was constant regardless of output values of the PUF could be confirmed. Then, experimental results showed that the predicted rate of the response was about 50 %, and the proposed method had a tamper resistance against SCAs.

Nozaki, Yusuke, Yoshikawa, Masaya.  2017.  Tamper Resistance Evaluation of PUF Implementation Against Machine Learning Attack. Proceedings of the 2017 International Conference on Biometrics Engineering and Application. :1–6.

Recently, the semiconductor counterfeiting has become a serious problem. To counter this problem, Physical Unclonable Function (PUF) has been attracted attention. However, the risk of machine learning attacks for PUF is pointed out. To verify the safety of PUF, the evaluation (tamper resistance) against machine learning attacks in the difference of PUF implementations is very important. However, the tamper resistance evaluation in the difference of PUF implementation has barely been reported. Therefore, this study evaluates the tamper resistance of PUF in the difference of field programmable gate array (FPGA) implementations against machine learning attacks. Experiments using an FPGA clarified the arbiter PUF of the lookup table implementation has the tamper resistance against machine learning attacks.

Nozaki, Yusuke, Yoshikawa, Masaya.  2018.  EM Based Machine Learning Attack for XOR Arbiter PUF. Proceedings of the 2nd International Conference on Machine Learning and Soft Computing. :19-23.

The physical unclonable functions (PUFs) have been attracted attention to prevent semiconductor counterfeits. However, the risk of machine learning attack for an arbiter PUF, which is one of the typical PUFs, has been reported. Therefore, an XOR arbiter PUF, which has a resistance against the machine learning attack, was proposed. However, in recent years, a new machine learning attack using power consumption during the operation of the PUF circuit was reported. Also, it is important that the detailed tamper resistance verification of the PUFs to consider the security of the PUFs in the future. Therefore, this study proposes a new machine learning attack using electromagnetic waveforms for the XOR arbiter PUF. Experiments by an actual device evaluate the validity of the proposed method and the security of the XOR arbiter PUF.

Nozaki, Y., Ikezaki, Y., Yoshikawa, M..  2016.  Tamper resistance of IoT devices against electromagnetic analysis. 2016 IEEE International Meeting for Future of Electron Devices, Kansai (IMFEDK). :1–2.

Lightweight block ciphers, which are required for IoT devices, have attracted attention. Simeck, which is one of the most popular lightweight block ciphers, can be implemented on IoT devices in the smallest area. Regarding the hardware security, the threat of electromagnetic analysis has been reported. However, electromagnetic analysis of Simeck has not been reported. Therefore, this study proposes a dedicated electromagnetic analysis for a lightweight block cipher Simeck to ensure the safety of IoT devices in the future. To our knowledge, this is the first electromagnetic analysis for Simeck. Experiments using a FPGA prove the validity of the proposed method.

Nower, N., Yasuo Tan, Lim, A.O..  2014.  Efficient Temporal and Spatial Data Recovery Scheme for Stochastic and Incomplete Feedback Data of Cyber-physical Systems. Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on. :192-197.

Feedback loss can severely degrade the overall system performance, in addition, it can affect the control and computation of the Cyber-physical Systems (CPS). CPS hold enormous potential for a wide range of emerging applications including stochastic and time-critical traffic patterns. Stochastic data has a randomness in its nature which make a great challenge to maintain the real-time control whenever the data is lost. In this paper, we propose a data recovery scheme, called the Efficient Temporal and Spatial Data Recovery (ETSDR) scheme for stochastic incomplete feedback of CPS. In this scheme, we identify the temporal model based on the traffic patterns and consider the spatial effect of the nearest neighbor. Numerical results reveal that the proposed ETSDR outperforms both the weighted prediction (WP) and the exponentially weighted moving average (EWMA) algorithm regardless of the increment percentage of missing data in terms of the root mean square error, the mean absolute error, and the integral of absolute error.
 

Nowak, Mateusz, Nowak, Sławomir, Domańska, Joanna.  2019.  Cognitive Routing for Improvement of IoT Security. 2019 IEEE International Conference on Fog Computing (ICFC). :41–46.

Internet of Things is nowadays growing faster than ever before. Operators are planning or already creating dedicated networks for this type of devices. There is a need to create dedicated solutions for this type of network, especially solutions related to information security. In this article we present a mechanism of security-aware routing, which takes into account the evaluation of trust in devices and packet flows. We use trust relationships between flows and network nodes to create secure SDN paths, not ignoring also QoS and energy criteria. The system uses SDN infrastructure, enriched with Cognitive Packet Networks (CPN) mechanisms. Routing decisions are made by Random Neural Networks, trained with data fetched with Cognitive Packets. The proposed network architecture, implementing the security-by-design concept, was designed and is being implemented within the SerIoT project to demonstrate secure networks for the Internet of Things (IoT).

Novikova, Evgenia, Bekeneva, Yana, Shorov, Andrey.  2019.  The Location-Centric Approach to Employee's Interaction Pattern Detection. 2019 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). :373–378.

The task of the insider threat detection is one of the most sophisticated problems of the information security. The analysis of the logs of the access control system may reveal on how employees move and interact providing thus better understanding on how personnel observe security policies and established business processes. The paper presents an approach to the detection of the location-centric employees' interaction patterns. The authors propose the formal definition of the interaction patterns and present the visualization-driven technique to the extraction of the patterns from the data when any prior information about existing interaction routine and procedures is not available. The proposed approach is demonstrated on the data set provided within VAST MiniChallenge-2 2016 contest.