Visible to the public Biblio

Found 1046 results

Filters: Keyword is Protocols  [Clear All Filters]
2022-08-12
Siu, Jun Yen, Kumar, Nishant, Panda, Sanjib Kumar.  2021.  Attack Detection and Mitigation using Multi-Agent System in the Deregulated Market. 2021 IEEE 12th Energy Conversion Congress & Exposition - Asia (ECCE-Asia). :821—826.
Over the past decade, cyber-attack events on the electricity grid are on the rise and have proven to result in severe consequences in grid operation. These attacks are becoming more intelligent and can bypass existing protection protocols, resulting in economic losses due to system operating in a falsified and non-optimal condition over a prolonged period. Hence, it is crucial to develop defense tools to detect and mitigate the attack to minimize the cost of malicious operation. This paper aims to develop a novel command verification strategy to detect and mitigate False Data Injection Attacks (FDIAs) targeting the system centralized Economic Dispatch (ED) control signals. Firstly, we describe the ED problem in Singapore's deregulated market. We then perform a risk assessment and formulate two FDIA vectors - Man in the Middle (MITM) and Stealth attack on the ED control process. Subsequently, we propose a novel verification technique based on Multi-Agent System (MAS) to validate the control commands. This algorithm has been tested on the IEEE 6-Bus 3-generator test system, and experimental results verified that the proposed algorithm can detect and mitigate the FDIA vectors.
Khan, Rafiullah, McLaughlin, Kieran, Kang, BooJoong, Laverty, David, Sezer, Sakir.  2021.  A Novel Edge Security Gateway for End-to-End Protection in Industrial Internet of Things. 2021 IEEE Power & Energy Society General Meeting (PESGM). :1—5.
Many critical industrial control systems integrate a mixture of state-of-the-art and legacy equipment. Legacy installations lack advanced, and often even basic security features, risking entire system security. Existing research primarily focuses on the development of secure protocols for emerging devices or protocol translation proxies for legacy equipment. However, a robust security framework not only needs encryption but also mechanisms to prevent reconnaissance and unauthorized access to industrial devices. This paper proposes a novel Edge Security Gateway (ESG) that provides both, communication and endpoint security. The ESG is based on double ratchet algorithm and encrypts every message with a different key. It manages the ongoing renewal of short-lived session keys and provides localized firewall protection to individual devices. The ESG is easily customizable for a wide range of industrial application. As a use case, this paper presents the design and validation for synchrophasor technology in smart grid. The ESG effectiveness is practically validated in detecting reconnaissance, manipulation, replay, and command injection attacks due to its perfect forward and backward secrecy properties.
Knesek, Kolten, Wlazlo, Patrick, Huang, Hao, Sahu, Abhijeet, Goulart, Ana, Davis, Kate.  2021.  Detecting Attacks on Synchrophasor Protocol Using Machine Learning Algorithms. 2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :102—107.
Phasor measurement units (PMUs) are used in power grids across North America to measure the amplitude, phase, and frequency of an alternating voltage or current. PMU's use the IEEE C37.118 protocol to send telemetry to phasor data collectors (PDC) and human machine interface (HMI) workstations in a control center. However, the C37.118 protocol utilizes the internet protocol stack without any authentication mechanism. This means that the protocol is vulnerable to false data injection (FDI) and false command injection (FCI). In order to study different scenarios in which C37.118 protocol's integrity and confidentiality can be compromised, we created a testbed that emulates a C37.118 communication network. In this testbed we conduct FCI and FDI attacks on real-time C37.118 data packets using a packet manipulation tool called Scapy. Using this platform, we generated C37.118 FCI and FDI datasets which are processed by multi-label machine learning classifier algorithms, such as Decision Tree (DT), k-Nearest Neighbor (kNN), and Naive Bayes (NB), to find out how effective machine learning can be at detecting such attacks. Our results show that the DT classifier had the best precision and recall rate.
Sachidananda, Vinay, Bhairav, Suhas, Ghosh, Nirnay, Elovici, Yuval.  2019.  PIT: A Probe Into Internet of Things by Comprehensive Security Analysis. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :522–529.
One of the major issues which are hindering widespread and seamless adoption of Internet of Thing (IoT) is security. The IoT devices are vulnerable and susceptible to attacks which became evident from a series of recent large-scale distributed denial-of-service (DDoS) attacks, leading to substantial business and financial losses. Furthermore, in order to find vulnerabilities in IoT, there is a lack of comprehensive security analysis framework. In this paper, we present a modular, adaptable and tunable framework, called PIT, to probe IoT systems at different layers of design and implementation. PIT consists of several security analysis engines, viz., penetration testing, fuzzing, static analysis, and dynamic analysis and an exploitation engine to discover multiple IoT vulnerabilities, respectively. We also develop a novel grey-box fuzzer, called Applica, as a part of the fuzzing engine to overcome the limitations of the present day fuzzers. The proposed framework has been evaluated on a real-world IoT testbed comprising of the state-of-the-art devices. We discovered several network and system-level vulnerabilities such as Buffer Overflow, Denial-of-Service, SQL Injection, etc., and successfully exploited them to demonstrate the presence of security loopholes in the IoT devices.
Tairi, Erkan, Moreno-Sanchez, Pedro, Maffei, Matteo.  2021.  A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs. 2021 IEEE Symposium on Security and Privacy (SP). :1834–1851.
Payment channel hubs (PCHs) constitute a promising solution to the inherent scalability problem of blockchain technologies, allowing for off-chain payments between sender and receiver through an intermediary, called the tumbler. While state-of-the-art PCHs provide security and privacy guarantees against a malicious tumbler, they do so by relying on the scripting-based functionality available only at few cryptocurrencies, and they thus fall short of fundamental properties such as backwards compatibility and efficiency.In this work, we present the first PCH protocol to achieve all aforementioned properties. Our PCH builds upon A2L, a novel cryptographic primitive that realizes a three-party protocol for conditional transactions, where the tumbler pays the receiver only if the latter solves a cryptographic challenge with the help of the sender, which implies the sender has paid the tumbler. We prove the security and privacy guarantees of A2L (which carry over to our PCH construction) in the Universal Composability framework and present a provably secure instantiation based on adaptor signatures and randomizable puzzles. We implemented A2L and compared it to TumbleBit, the state-of-the-art Bitcoin-compatible PCH. Asymptotically, A2L has a communication complexity that is constant, as opposed to linear in the security parameter like in TumbleBit. In practice, A2L requires 33x less bandwidth than TumleBit, while retaining the computational cost (or providing 2x speedup with a preprocessing technique). This demonstrates that A2L (and thus our PCH construction) is ready to be deployed today.In theory, we demonstrate for the first time that it is possible to design a secure and privacy-preserving PCH while requiring only digital signatures and timelock functionality from the underlying scripting language. In practice, this result makes our PCH backwards compatible with virtually all cryptocurrencies available today, even those offering a highly restricted form of scripting language such as Ripple or Stellar. The practical appealing of our construction has resulted in a proof-of-concept implementation in the COMIT Network, a blockchain technology focused on cross-currency payments.
Camenisch, Jan, Dubovitskaya, Maria, Rial, Alfredo.  2021.  Concise UC Zero-Knowledge Proofs for Oblivious Updatable Databases. 2021 IEEE 34th Computer Security Foundations Symposium (CSF). :1–16.
We propose an ideal functionality FCD and a construction ΠCD for oblivious and updatable committed databases. FCD allows a prover P to read, write, and update values in a database and to prove to a verifier V in zero-knowledge (ZK) that a value is read from or written into a certain position. The following properties must hold: (1) values stored in the database remain hidden from V; (2) a value read from a certain position is equal to the value previously written into that position; (3) (obliviousness) both the value read or written and its position remain hidden from V.ΠCD is based on vector commitments. After the initialization phase, the cost of read and write operations is independent of the database size, outperforming other techniques that achieve cost sublinear in the dataset size for prover and/or verifier. Therefore, our construction is especially appealing for large datasets. In existing “commit-and-prove” two-party protocols, the task of maintaining a committed database between P and V and reading and writing values into it is not separated from the task of proving statements about the values read or written. FCD allows us to improve modularity in protocol design by separating those tasks. In comparison to simply using a commitment scheme to maintain a committed database, FCD allows P to hide efficiently the positions read or written from V. Thanks to this property, we design protocols for e.g. privacy-preserving e-commerce and location-based services where V gathers aggregate statistics about the statements that P proves in ZK.
Sani, Abubakar Sadiq, Yuan, Dong, Meng, Ke, Dong, Zhao Yang.  2021.  R-Chain: A Universally Composable Relay Resilience Framework for Smart Grids. 2021 IEEE Power & Energy Society General Meeting (PESGM). :01–05.
Smart grids can be exposed to relay attacks (or wormhole attacks) resulting from weaknesses in cryptographic operations such as authentication and key derivation associated with process automation protocols. Relay attacks refer to attacks in which authentication is evaded without needing to attack the smart grid itself. By using a universal composability model that provides a strong security notion for designing cryptographic operations, we formulate the necessary relay resilience settings for strengthening authentication and key derivation and enhancing relay security in process automation protocols in this paper. We introduce R-Chain, a universally composable relay resilience framework that prevents bypass of cryptographic operations. Our framework provides an ideal chaining functionality that integrates all cryptographic operations such that all outputs from a preceding operation are used as input to the subsequent operation to support relay resilience. We apply R-Chain to provide relay resilience in a practical smart grid process automation protocol, namely WirelessHART.
Blanco, Geison, Perez, Juan, Monsalve, Jonathan, Marquez, Miguel, Esnaola, Iñaki, Arguello, Henry.  2021.  Single Snapshot System for Compressive Covariance Matrix Estimation for Hyperspectral Imaging via Lenslet Array. 2021 XXIII Symposium on Image, Signal Processing and Artificial Vision (STSIVA). :1—5.
Compressive Covariance Sampling (CCS) is a strategy used to recover the covariance matrix (CM) directly from compressive measurements. Several works have proven the advantages of CSS in Compressive Spectral Imaging (CSI) but most of these algorithms require multiple random projections of the scene to obtain good reconstructions. However, several low-resolution copies of the scene can be captured in a single snapshot through a lenslet array. For this reason, this paper proposes a sensing protocol and a single snapshot CCS optical architecture using a lenslet array based on the Dual Dispersive Aperture Spectral Imager(DD-CASSI) that allows the recovery of the covariance matrix with a single snapshot. In this architecture uses the lenslet array allows to obtain different projections of the image in a shot due to the special coded aperture. In order to validate the proposed approach, simulations evaluated the quality of the recovered CM and the performance recovering the spectral signatures against traditional methods. Results show that the image reconstructions using CM have PSNR values about 30 dB, and reconstructed spectrum has a spectral angle mapper (SAM) error less than 15° compared to the original spectral signatures.
2022-08-03
Morio, Kevin, Künnemann, Robert.  2021.  Verifying Accountability for Unbounded Sets of Participants. 2021 IEEE 34th Computer Security Foundations Symposium (CSF). :1—16.
Little can be achieved in the design of security protocols without trusting at least some participants. This trust should be justified or, at the very least, subject to examination. One way to strengthen trustworthiness is to hold parties accountable for their actions, as this provides a strong incentive to refrain from malicious behavior. This has led to an increased interest in accountability in the design of security protocols. In this work, we combine the accountability definition of Künnemann, Esiyok, and Backes [21] with the notion of case tests to extend its applicability to protocols with unbounded sets of participants. We propose a general construction of verdict functions and a set of verification conditions that achieve soundness and completeness. Expressing the verification conditions in terms of trace properties allows us to extend TAMARIN - a protocol verification tool - with the ability to analyze and verify accountability properties in a highly automated way. In contrast to prior work, our approach is significantly more flexible and applicable to a wider range of protocols.
2022-08-02
Liu, Zhihao, Wang, Qiang, Li, Yongjian, Zhao, Yongxin.  2021.  CMSS: Collaborative Modeling of Safety and Security Requirements for Network Protocols. 2021 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom). :185—192.
Analyzing safety and security requirements remains a difficult task in the development of real-life network protocols. Although numerous modeling and analyzing methods have been proposed in the past decades, most of them handle safety and security requirements separately without considering their interplay. In this work, we propose a collaborative modeling framework that enables co-analysis of safety and security requirements for network protocols. Our modeling framework is based on a well-defined type system and supports modeling of network topology, message flows, protocol behaviors and attacker behaviors. It also supports the specification of safety requirements as temporal logical formulae and typical security requirements as queries, and leverages on the existing verification tools for formal safety and security analysis via model transformations. We have implemented this framework in a prototype tool CMSS, and illustrated the capability of CMSS by using the 5G AKA initialization protocol as a case study.
2022-08-01
Catalfamo, Alessio, Ruggeri, Armando, Celesti, Antonio, Fazio, Maria, Villari, Massimo.  2021.  A Microservices and Blockchain Based One Time Password (MBB-OTP) Protocol for Security-Enhanced Authentication. 2021 IEEE Symposium on Computers and Communications (ISCC). :1—6.
Nowadays, the increasing complexity of digital applications for social and business activities has required more and more advanced mechanisms to prove the identity of subjects like those based on the Two-Factor Authentication (2FA). Such an approach improves the typical authentication paradigm but it has still some weaknesses. Specifically, it has to deal with the disadvantages of a centralized architecture causing several security threats like denial of service (DoS) and man-in-the-middle (MITM). In fact, an attacker who succeeds in violating the central authentication server could be able to impersonate an authorized user or block the whole service. This work advances the state of art of 2FA solutions by proposing a decentralized Microservices and Blockchain Based One Time Password (MBB-OTP) protocol for security-enhanced authentication able to mitigate the aforementioned threats and to fit different application scenarios. Experiments prove the goodness of our MBB-OTP protocol considering both private and public Blockchain configurations.
2022-07-29
Wang, Zhaohong, Guo, Jing.  2021.  Denoising Signals on the Graph for Distributed Systems by Secure Outsourced Computation. 2021 IEEE 7th World Forum on Internet of Things (WF-IoT). :524—529.
The burgeoning networked computing devices create many distributed systems and generate new signals on a large scale. Many Internet of Things (IoT) applications, such as peer-to-peer streaming of multimedia data, crowdsourcing, and measurement by sensor networks, can be modeled as a form of big data. Processing massive data calls for new data structures and algorithms different from traditional ones designed for small-scale problems. For measurement from networked distributed systems, we consider an essential data format: signals on graphs. Due to limited computing resources, the sensor nodes in the distributed systems may outsource the computing tasks to third parties, such as cloud platforms, arising a severe concern on data privacy. A de-facto solution is to have third parties only process encrypted data. We propose a novel and efficient privacy-preserving secure outsourced computation protocol for denoising signals on the graph based on the information-theoretic secure multi-party computation (ITS-MPC). Denoising the data makes paths for further meaningful data processing. From experimenting with our algorithms in a testbed, the results indicate a better efficiency of our approach than a counterpart approach with computational security.
Baruah, Barnana, Dhal, Subhasish.  2021.  An Authenticated Key Agreement Scheme for Secure Communication in Smart Grid. 2021 International Conference on COMmunication Systems & NETworkS (COMSNETS). :447—455.
Rapid development of wireless technologies has driven the evolution of smart grid application. In smart grid, authentication plays an important role for secure communication between smart meter and service provider. Hence, the design of secure authenticated key agreement schemes has received significant attention from researchers. In these schemes, a trusted third party directly participates in key agreement process. Although, this third party is assumed as trusted, however we cannot reject the possibility that being a third party, it can also be malicious. In the existing works, either the established session key is revealed to the agents of a trusted third party, or a trusted third party agent can impersonate the smart meter and establish a valid session key with the service provider, which is likely to cause security vulnerabilities. Therefore, there is a need to design a secure authentication scheme so that only the deserving entities involved in the communication can establish and know the session key. This paper proposes a new secure authenticated key agreement scheme for smart grid considering the fact that the third party can also be malicious. The security of the proposed scheme has been thoroughly evaluated using an adversary model. Correctness of the scheme has been analyzed using the broadly accepted Burrows-Abadi-Needham (BAN) Logic. In addition, the formal security verification of the proposed scheme has been performed using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool. Results of this simulation confirm that the proposed scheme is safe. Detailed security analysis shows the robustness of the scheme against various known attacks. Moreover, the comparative performance study of the proposed scheme with other relevant schemes is presented to demonstrate its practicality.
Shu, ZhiMeng, Liu, YongGuang, Wang, HuiNan, Sun, ChaoLiang, He, ShanShan.  2021.  Research on the feasibility technology of Internet of things terminal security monitoring. 2021 6th International Symposium on Computer and Information Processing Technology (ISCIPT). :831—836.
As an important part of the intelligent measurement system, IOT terminal is in the “edge” layer of the intelligent measurement system architecture. It is the key node of power grid management and cloud fog integration. Its information security is the key to the construction of the security system of intelligent measurement, and the security link between the cloud and sensor measurement. With the in-depth integration of energy flow, information flow and business flow, and the in-depth application of digital technologies such as cloud computing, big data, internet of things, mobile Internet and artificial intelligence, the transformation and development of power system to digital and high-quality digital power grid has been accelerated. As a typical multi-dimensional complex system combining physical space and information space, the security threats and risks faced by the digital grid are more complex. The security risks in the information space will transfer the hazards to the power system and physical space. The Internet of things terminal is facing a more complex situation in the security field than before. This paper studies the feasibility of the security monitoring technology of the Internet of things terminal, in order to reduce the potential risks, improve the safe operation environment of the Internet of things terminal and improve the level of the security protection of the Internet of things terminal. One is to study the potential security problems of Internet of things terminal, and put forward the technical specification of security protection of Internet of things terminal. The second is to study the Internet of things terminal security detection technology, research and develop terminal security detection platform, and realize the unified detection of terminal security protection. The third is to study the security monitoring technology of the Internet of things terminal, develop the security monitoring system of the Internet of things terminal, realize the terminal security situation awareness and threat identification, timely discover the terminal security vulnerabilities, and ensure the stable and safe operation of the terminal and related business master station.
2022-07-15
Luo, Yun, Chen, Yuling, Li, Tao, Wang, Yilei, Yang, Yixian.  2021.  Using information entropy to analyze secure multi-party computation protocol. 2021 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :312—318.

Secure multi-party computation(SMPC) is an important research field in cryptography, secure multi-party computation has a wide range of applications in practice. Accordingly, information security issues have arisen. Aiming at security issues in Secure multi-party computation, we consider that semi-honest participants have malicious operations such as collusion in the process of information interaction, gaining an information advantage over honest parties through collusion which leads to deviations in the security of the protocol. To solve this problem, we combine information entropy to propose an n-round information exchange protocol, in which each participant broadcasts a relevant information value in each round without revealing additional information. Through the change of the uncertainty of the correct result value in each round of interactive information, each participant cannot determine the correct result value before the end of the protocol. Security analysis shows that our protocol guarantees the security of the output obtained by the participants after the completion of the protocol.

D'Arco, Paolo, Ansaroudi, Zahra Ebadi.  2021.  Security Attacks on Multi-Stage Proof-of-Work. 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops). :698—703.
Multi-stage Proof-of-Work is a recently proposed protocol which extends the Proof-of-Work protocol used in Bitcoin. It splits Proof-of-Work into multiple stages, to achieve a more efficient block generation and a fair reward distribution. In this paper we study some of the Multi-stage Proof-of-Work security vulnerabilities. Precisely, we present two attacks: a Selfish Mining attack and a Selfish Stage-Withholding attack. We show that Multi-stage Proof-of-Work is not secure against a selfish miner owning more than 25% of the network hashing power. Moreover, we show that Selfish Stage-Withholding is a complementary strategy to boost a selfish miner's profitability.
Sánchez, Ricardo Andrés González, Bernal, Davor Julián Moreno, Parada, Hector Dario Jaimes.  2021.  Security assessment of Nosql Mongodb, Redis and Cassandra database managers. 2021 Congreso Internacional de Innovación y Tendencias en Ingeniería (CONIITI). :1—7.
The advancement of technology in the creation of new tools to solve problems such as information storage generates proportionally developing methods that search for security flaws or breaches that compromise said information. The need to periodically generate security reports on database managers is given by the complexity and number of attacks that can be carried out today. This project seeks to carry out an evaluation of the security of NoSQL database managers. The work methodology is developed according to the order of the objectives, it begins by synthesizing the types of vulnerabilities, attacks and protection schemes limited to MongoDB, Redis and Apache Cassandra. Once established, a prototype of a web system that stores information with a non-relational database will be designed on which a series of attacks defined by a test plan will be applied seeking to add, consult, modify or eliminate information. Finally, a report will be presented that sets out the attacks carried out, the way in which they were applied, the results, possible countermeasures, security advantages and disadvantages for each manager and the conclusions obtained. Thus, it is possible to select which tool is more convenient to use for a person or organization in a particular case. The results showed that MongoDB is more vulnerable to NoSQL injection attacks, Redis is more vulnerable to attacks registered in the CVE and that Cassandra is more complex to use but is less vulnerable.
N, Praveena., Vivekanandan, K..  2021.  A Study on Shilling Attack Identification in SAN using Collaborative Filtering Method based Recommender Systems. 2021 International Conference on Computer Communication and Informatics (ICCCI). :1—5.
In Social Aware Network (SAN) model, the elementary actions focus on investigating the attributes and behaviors of the customer. This analysis of customer attributes facilitate in the design of highly active and improved protocols. In specific, the recommender systems are highly vulnerable to the shilling attack. The recommender system provides the solution to solve the issues like information overload. Collaborative filtering based recommender systems are susceptible to shilling attack known as profile injection attacks. In the shilling attack, the malicious users bias the output of the system's recommendations by adding the fake profiles. The attacker exploits the customer reviews, customer ratings and fake data for the processing of recommendation level. It is essential to detect the shilling attack in the network for sustaining the reliability and fairness of the recommender systems. This article reviews the most prominent issues and challenges of shilling attack. This paper presents the literature survey which is contributed in focusing of shilling attack and also describes the merits and demerits with its evaluation metrics like attack detection accuracy, precision and recall along with different datasets used for identifying the shilling attack in SAN network.
2022-07-14
Almousa, May, Osawere, Janet, Anwar, Mohd.  2021.  Identification of Ransomware families by Analyzing Network Traffic Using Machine Learning Techniques. 2021 Third International Conference on Transdisciplinary AI (TransAI). :19–24.
The number of prominent ransomware attacks has increased recently. In this research, we detect ransomware by analyzing network traffic by using machine learning algorithms and comparing their detection performances. We have developed multi-class classification models to detect families of ransomware by using the selected network traffic features, which focus on the Transmission Control Protocol (TCP). Our experiment showed that decision trees performed best for classifying ransomware families with 99.83% accuracy, which is slightly better than the random forest algorithm with 99.61% accuracy. The experimental result without feature selection classified six ransomware families with high accuracy. On the other hand, classifiers with feature selection gave nearly the same result as those without feature selection. However, using feature selection gives the advantage of lower memory usage and reduced processing time, thereby increasing speed. We discovered the following ten important features for detecting ransomware: time delta, frame length, IP length, IP destination, IP source, TCP length, TCP sequence, TCP next sequence, TCP header length, and TCP initial round trip.
Ismail, Safwati, Alkawaz, Mohammed Hazim, Kumar, Alvin Ebenazer.  2021.  Quick Response Code Validation and Phishing Detection Tool. 2021 IEEE 11th IEEE Symposium on Computer Applications & Industrial Electronics (ISCAIE). :261–266.
A Quick Response (QR) Code is a type of barcode that can be read by the digital devices and which stores the information in a square-shaped. The QR Code readers can extract data from the patterns which are presented in the QR Code matrix. A QR Code can be acting as an attack vector that can harm indirectly. In such case a QR Code can carry malicious or phishing URLs and redirect users to a site which is well conceived by the attacker and pretends to be an authorized one. Once the QR Code is decoded the commands are triggered and executed, causing damage to information, operating system and other possible sequence the attacker expects to gain. In this paper, a new model for QR Code authentication and phishing detection has been presented. The proposed model will be able to detect the phishing and malicious URLs in the process of the QR Code validation as well as to prevent the user from validating it. The development of this application will help to prevent users from being tricked by the harmful QR Codes.
Razaque, Abdul, Alexandrov, Vladislav, Almiani, Muder, Alotaibi, Bandar, Alotaibi, Munif, Al-Dmour, Ayman.  2021.  Comparative Analysis of Digital Signature and Elliptic Curve Digital Signature Algorithms for the Validation of QR Code Vulnerabilities. 2021 Eighth International Conference on Software Defined Systems (SDS). :1–7.
Quick response (QR) codes are currently used ubiq-uitously. Their interaction protocol design is initially unsecured. It forces users to scan QR codes, which makes it harder to differentiate a genuine code from a malicious one. Intruders can change the original QR code and make it fake, which can lead to phishing websites that collect sensitive data. The interaction model can be improved and made more secure by adding some modifications to the backend side of the application. This paper addresses the vulnerabilities of QR codes and recommends improvements in security design. Furthermore, two state-of-the-art algorithms, Digital Signature (DS) and Elliptic Curve Digital Signature (ECDS), are analytically compared to determine their strengths in QR code security.
Adhikari, Tinku, Ghosh, Arindam, Khan, Ajoy Kumar, Laha, Swarnalina, Mitra, Purbita, Karmakar, Raja.  2021.  Quantum Resistance for Cryptographic Keys in Classical Cryptosystems: A Study on QKD Protocols. 2021 12th International Conference on Computing Communication and Networking Technologies (ICCCNT). :1—7.
Distribution of keys in classical cryptography is one of the most significant affairs to deal with. The computational hardness is the fundamental basis of the security of these keys. However, in the era of quantum computing, quantum computers can break down these keys with their substantially more computation capability than normal computers. For instance, a quantum computer can easily break down RSA or ECC in polynomial time. In order to make the keys quantum resistant, Quantum Key Distribution (QKD) is developed to enforce security of the classical cryptographic keys from the attack of quantum computers. By using quantum mechanics, QKD can reinforce the durability of the keys of classical cryptography, which were practically unbreakable during the pre-quantum era. Thus, an extensive study is required to understand the importance of QKD to make the classical cryptographic key distributions secure against both classical and quantum computers. Therefore, in this paper, we discuss trends and limitations of key management protocols in classical cryptography, and demonstrates a relative study of different QKD protocols. In addition, we highlight the security implementation aspects of QKD, which lead to the solution of threats occurring in a quantum computing scenario, such that the cryptographic keys can be quantum resistant.
Sadkhan, Sattar B., Abbas, Rana.  2021.  The Role of Quantum and Post-Quantum Techniques in Wireless Network Security - Status, Challenges and Future Trends. 2021 4th International Iraqi Conference on Engineering Technology and Their Applications (IICETA). :296—302.
One of the most essential ways of communication is the wireless network. As a result, ensuring the security of information transmitted across wireless networks is a critical concern. For wireless networks, classical cryptography provides conditional security with several loopholes, but quantum cryptography claims to be unconditionally safe. People began to consider beyond classical cryptosystems for protecting future electronic communication when quantum computers became functional. With all of these flaws in classical cryptosystems in mind, people began to consider beyond it for protecting future electronic communication. Quantum cryptography addresses practically all flaws in traditional cryptography.
2022-07-13
Chattha, Haseeb Ahmed, Rehman, Muhammad Miftah Ur, Mustafa, Ghulam, Khan, Abdul Qayyum, Abid, Muhammad, Haq, Ehtisham Ul.  2021.  Implementation of Cyber-Physical Systems with Modbus Communication for Security Studies. 2021 International Conference on Cyber Warfare and Security (ICCWS). :45—50.
Modbus is a popular industrial communication protocol supported by most automation devices. Despite its popularity, it is not a secure protocol because when it was developed, security was not a concern due to closed environments of industrial control systems. With the convergence of information technology and operational technology in recent years, the security of industrial control systems has become a serious concern. Due to the high availability requirements, it is not practical or feasible to do security experimentation of production systems. We present an implementation of cyber-physical systems with Modbus/TCP communication for real-time security testing. The proposed architecture consists of a process simulator, an IEC 61131-3 compliant programmable logic controller, and a human-machine interface, all communicating via Modbus/TCP protocol. We use Simulink as the process simulator. It does not have built-in support for the Modbus protocol. A contribution of the proposed work is to extend the functionality of Simulink with a custom block to enable Modbus communication. We use two case studies to demonstrate the utility of the cyber-physical system architecture. We can model complex industrial processes with this architecture, can launch cyber-attacks, and develop protection mechanisms.
Nanjo, Yuki, Shirase, Masaaki, Kodera, Yuta, Kusaka, Takuya, Nogami, Yasuyuki.  2021.  A Construction Method of Final Exponentiation for a Specific Cyclotomic Family of Pairing-Friendly Elliptic Curves with Prime Embedding Degrees. 2021 Ninth International Symposium on Computing and Networking (CANDAR). :148—154.
Pairings on elliptic curves which are carried out by the Miller loop and final exponentiation are used for innovative protocols such as ID-based encryption and group signature authentication. As the recent progress of attacks for finite fields in which pairings are defined, the importance of the use of the curves with prime embedding degrees \$k\$ has been increased. In this manuscript, the authors provide a method for providing efficient final exponentiation algorithms for a specific cyclotomic family of curves with arbitrary prime \$k\$ of \$k\textbackslashtextbackslashequiv 1(\textbackslashtextbackslashtextmod\textbackslashtextbackslash 6)\$. Applying the proposed method for several curves such as \$k=7\$, 13, and 19, it is found that the proposed method gives rise to the same algorithms as the previous state-of-the-art ones by the lattice-based method.