Hughes, Kieran, McLaughlin, Kieran, Sezer, Sakir.  2021.  Towards Intrusion Response Intel. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :337—342.
Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.
Shameem Ahamed, Waheeda Syed, Zavarsky, Pavol, Swar, Bobby.  2021.  Security Audit of Docker Container Images in Cloud Architecture. 2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC). :202—207.
Containers technology radically changed the ways for packaging applications and deploying them as services in cloud environments. According to the recent report on security predictions of 2020 by Trend Micro, the vulnerabilities in container components deployed with cloud architecture have been one of the top security concerns for development and operations teams in enterprises. Docker is one of the leading container technologies that automate the deployment of applications into containers. Docker Hub is a public repository by Docker for storing and sharing the Docker images. These Docker images are pulled from the Docker Hub repository and the security of images being used from the repositories in any cloud environment could be at risk. Vulnerabilities in Docker images could have a detrimental effect on enterprise applications. In this paper, the focus is on securing the Docker images using vulnerability centric approach (VCA) to detect the vulnerabilities. A set of use cases compliant with the NIST SP 800-190 Application Container Security Guide is developed for audit compliance of Docker container images with the OWASP Container Security Verification Standards (CSVS). In this paper, first, vulnerabilities of Docker container images are identified and assessed using the VCA. Then, a set of use cases to identify presence of the vulnerabilities is developed to facilitate the security audit of the container images. Finally, it is illustrated how the proposed use cases can be mapped with the requirements of the OWASP Container Security Verification Standards. The use cases can serve as a security auditing tool during the development, deployment, and maintenance of cloud microservices applications.
Hong, Seoung-Pyo, Lim, Chae-Ho, Lee, Hoon Jae.  2021.  APT attack response system through AM-HIDS. 2021 23rd International Conference on Advanced Communication Technology (ICACT). :271–274.
In this paper, an effective Advanced Persistent Threat (APT) attack response system was proposed. Reference to the NIST Cyber Security Framework (CRF) was made to present the most cost-effective measures. It has developed a system that detects and responds to real-time AM-HIDS (Anti Malware Host Intrusion Detection System) that monitors abnormal change SW of PCs as a prevention of APT. It has proved that the best government-run security measures are possible to provide an excellent cost-effectiveness environment to prevent APT attacks.
Ji, Zhigang, Brown, James, Zhang, Jianfu.  2020.  True Random Number Generator (TRNG) for Secure Communications in the Era of IoT. 2020 China Semiconductor Technology International Conference (CSTIC). :1—5.
True Random Number Generator (TRNG) is critical for secure communications. In this work, we explain in detail our recent solution on TRNG using random telegraph noise (RTN) including the benefits and the disadvantages. Security check is performed using the NIST randomness tests for both the RTN-based TRNG and various conventional pseudo random number generators. The newly-proposed design shows excellent randomness, power consumption, low design complexity, small area and high speed, making it a suitable candidate for future cryptographically secured applications within the internet of things.
Al-Aali, Yousuf, Boussakta, Said.  2020.  Lightweight block ciphers for resource-constrained devices. 2020 12th International Symposium on Communication Systems, Networks and Digital Signal Processing (CSNDSP). :1—6.
Lightweight cryptography is a new branch of cryptography focused on providing security to resource-constraint devices such as wireless sensor networks (WSN), Radio-Frequency Identification (RFIDs) and other embedded systems. The factors considered in lightweight cryptography are mainly circuit area, memory requirement, processing time, latency, power, and energy consumption. This paper presents a discussion on common lightweight block ciphers in terms of different performance parameters, strength, design trends, limitations, and applications including the National Institute of Science and Technology (NIST) round 1 and 2 candidates. Analysis of these lightweight algorithms has offered an insight into this newly emerging field of cryptography.
Yang, Jianguo, Lei, Dengyun, Chen, Deyang, Li, Jing, Jiang, Haijun, Ding, Qingting, Luo, Qing, Xue, Xiaoyong, Lv, Hangbing, Zeng, Xiaoyang et al..  2020.  A Machine-Learning-Resistant 3D PUF with 8-layer Stacking Vertical RRAM and 0.014% Bit Error Rate Using In-Cell Stabilization Scheme for IoT Security Applications. 2020 IEEE International Electron Devices Meeting (IEDM). :28.6.1–28.6.4.
In this work, we propose and demonstrate a multi-layer 3-dimensional (3D) vertical RRAM (VRRAM) PUF with in-cell stabilization scheme to improve both cost efficiency and reliability. An 8-layer VRRAM array was manufactured with excellent uniformity and good endurance of >107. Apart from the variation in RRAM resistance, enhanced randomness is obtained thanks to the parasitic IR drop and abundant sneak current paths in 3D VRRAM. To deal with the common issue of unstable bits in PUF output, in-cell stabilization is proposed by first employing asymmetric biasing to detect the unstable bits and then exploiting reprogramming to expand the deviation to stabilize the output. The bit error rate is reduced by >7X (68X) for 3(5) times reprogramming. The proposed PUF features excellent resistance against machine learning attack and passes both National Institute of Standards and Technology (NIST) 800-22 and NIST 800-90B test suites.
AKCENGİZ, Ziya, Aslan, Melis, Karabayır, Özgür, Doğanaksoy, Ali, Uğuz, Muhiddin, Sulak, Fatih.  2020.  Statistical Randomness Tests of Long Sequences by Dynamic Partitioning. 2020 International Conference on Information Security and Cryptology (ISCTURKEY). :68—74.
Random numbers have a wide usage in the area of cryptography. In practice, pseudo random number generators are used in place of true random number generators, as regeneration of them may be required. Therefore because of generation methods of pseudo random number sequences, statistical randomness tests have a vital importance. In this paper, a randomness test suite is specified for long binary sequences. In literature, there are many randomness tests and test suites. However, in most of them, to apply randomness test, long sequences are partitioned into a certain fixed length and the collection of short sequences obtained is evaluated instead. In this paper, instead of partitioning a long sequence into fixed length subsequences, a concept of dynamic partitioning is introduced in accordance with the random variable in consideration. Then statistical methods are applied. The suggested suite, containing four statistical tests: Collision Tests, Weight Test, Linear Complexity Test and Index Coincidence Test, all of them work with the idea of dynamic partitioning. Besides the adaptation of this approach to randomness tests, the index coincidence test is another contribution of this work. The distribution function and the application of all tests are given in the paper.
Walia, K. S., Shenoy, S., Cheng, Y..  2020.  An Empirical Analysis on the Usability and Security of Passwords. 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI). :1–8.
Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize - an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the user-generated passwords are secure. Moreover, we convert the user-generated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability.
Bajpai, P., Enbody, R..  2020.  Attacking Key Management in Ransomware. IT Professional. 22:21—27.

Ransomware have observed a steady growth over the years with several concerning trends that indicate efficient, targeted attacks against organizations and individuals alike. These opportunistic attackers indiscriminately target both public and private sector entities to maximize gain. In this article, we highlight the criticality of key management in ransomware's cryptosystem in order to facilitate building effective solutions against this threat. We introduce the ransomware kill chain to elucidate the path our adversaries must take to attain their malicious objective. We examine current solutions presented against ransomware in light of this kill chain and specify which constraints on ransomware are being violated by the existing solutions. Finally, we present the notion of memory attacks against ransomware's key management and present our initial experiments with dynamically extracting decryption keys from real-world ransomware. Results of our preliminary research are promising and the extracted keys were successfully deployed in subsequent data decryption.

Khuchit, U., Wu, L., Zhang, X., Yin, Y., Batsukh, A., Mongolyn, B., Chinbat, M..  2020.  Hardware Design of Polynomial Multiplication for Byte-Level Ring-LWE Based Cryptosystem. 2020 IEEE 14th International Conference on Anti-counterfeiting, Security, and Identification (ASID). :86–89.
An ideal lattice is defined over a ring learning with errors (Ring-LWE) problem. Polynomial multiplication over the ring is the most computational and time-consuming block in lattice-based cryptography. This paper presents the first hardware design of the polynomial multiplication for LAC, one of the Round-2 candidates of the NIST PQC Standardization Process, which has byte-level modulus p=251. The proposed architecture supports polynomial multiplications for different degree n (n=512/1024/2048). For designing the scheme, we used the Vivado HLS compiler, a high-level synthesis based hardware design methodology, which is able to optimize software algorithms into actual hardware products. The design of the scheme takes 274/280/291 FFs and 204/217/208 LUTs on the Xilinx Artix-7 family FPGA, requested by NIST PQC competition for hardware implementation. Multiplication core uses only 1/1/2 pieces of 18Kb BRAMs, 1/1/1 DSPs, and 90/94/95 slices on the board. Our timing result achieved in an alternative degree n with 5.052/4.3985/5.133ns.
Razaque, A., Amsaad, F., Almiani, M., Gulsezim, D., Almahameed, M. A., Al-Dmour, A., Khan, M. J., Ganda, R..  2020.  Successes and Failures in Exploring Biometric Algorithms in NIST Open Source Software and Data. 2020 Seventh International Conference on Software Defined Systems (SDS). :231—234.

With the emergence of advanced technology, the user authentication methods have also been improved. Authenticating the user, several secure and efficient approaches have been introduced, but the biometric authentication method is considered much safer as compared to password-driven methods. In this paper, we explore the risks, concerns, and methods by installing well-known open-source software used in Unibiometric analysis by the partners of The National Institute of Standards and Technology (NIST). Not only are the algorithms used all open source but it comes with test data and several internal open source utilities necessary to process biometric data.

Reyad, O., Karar, M., Hamed, K..  2020.  Random Bit Generator Mechanism Based on Elliptic Curves and Secure Hash Function. 2019 International Conference on Advances in the Emerging Computing Technologies (AECT). :1–6.
Pseudorandom bit generators (PRBG) can be designed to take the advantage of some hard number theoretic problems such as the discrete logarithm problem (DLP). Such type of generators will have good randomness and unpredictability properties as it is so difficult to find an easy solution to the regarding mathematical dilemma. Hash functions in turn play a remarkable role in many cryptographic tasks to achieve various security strengths. In this paper, a pseudorandom bit generator mechanism that is based mainly on the elliptic curve discrete logarithm problem (ECDLP) and hash derivation function is proposed. The cryptographic hash functions are used in consuming applications that require various security strengths. In a good hash function, finding whatever the input that can be mapped to any pre-specified output is considered computationally infeasible. The obtained pseudorandom bits are tested with NIST statistical tests and it also could fulfill the up-to-date standards. Moreover, a 256 × 256 grayscale images are encrypted with the obtained pseudorandom bits following by necessary analysis of the cipher images for security prove.
Taşkın, H. K., Cenk, M..  2020.  TMVP-Friendly Primes for Efficient Elliptic Curve Cryptography. 2020 International Conference on Information Security and Cryptology (ISCTURKEY). :80–87.
The need for faster and practical cryptography is a research topic for decades. In case of elliptic curve cryptography, which was proposed by Koblitz and Miller in 1985 as a more efficient alternative to RSA, the applications in real life started after 2000s. Today, most of the popular applications and protocols like Whatsapp, Signal, iOS, Android, TLS, SSH, Bitcoin etc. make use of Elliptic curve cryptography. One of the important factors for high performance elliptic curve cryptography is the finite field multiplication. In this paper, we first describe how to choose proper prime fields that make use of Toeplitz-matrices to get faster field multiplication, then we give parameter choice details to select prime fields that support Toeplitz-matrix vector product operations. Then, we introduce the safe curve selection rationale and discuss security. We propose new curves, discuss implementation and benchmark results and conclude our work.
Kubba, Z. M. Jawad, Hoomod, H. K..  2019.  A Hybrid Modified Lightweight Algorithm Combined of Two Cryptography Algorithms PRESENT and Salsa20 Using Chaotic System. 2019 First International Conference of Computer and Applied Sciences (CAS). :199–203.

Cryptography algorithms play a critical role in information technology against various attacks witnessed in the digital era. Many studies and algorithms are done to achieve security issues for information systems. The high complexity of computational operations characterises the traditional cryptography algorithms. On the other hand, lightweight algorithms are the way to solve most of the security issues that encounter applying traditional cryptography in constrained devices. However, a symmetric cipher is widely applied for ensuring the security of data communication in constraint devices. In this study, we proposed a hybrid algorithm based on two cryptography algorithms PRESENT and Salsa20. Also, a 2D logistic map of a chaotic system is applied to generate pseudo-random keys that produce more complexity for the proposed cipher algorithm. The goal of the proposed algorithm is to present a hybrid algorithm by enhancing the complexity of the current PRESENT algorithm while keeping the performance of computational operations as minimal. The proposed algorithm proved working efficiently with fast executed time, and the analysed result of the generated sequence keys passed the randomness of the NIST suite.

Hong, Jin Bum, Yusuf, Simon Enoch, Kim, Dong Seong, Khan, Khaled MD.  2018.  Stateless Security Risk Assessment for Dynamic Networks. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :65–66.
Emerging networking technologies, such as cloud and Software Defined Networking, provide flexibility, elasticity and functionalities to change the network configurations over time. However, changes also impose unpredictable security postures at different times, creating difficulties to the security assessment of the network. To address this issue, we propose a stateless security risk assessment, which combines the security posture of network states at different times to provide an overall security overview. This paper describes the methodologies of the stateless security risk assessment. Our approach is applicable to any emerging networking technologies with dynamic changes.
Hasan, Kamrul, Shetty, Sachin, Ullah, Sharif.  2019.  Artificial Intelligence Empowered Cyber Threat Detection and Protection for Power Utilities. 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC). :354—359.
Cyber threats have increased extensively during the last decade, especially in smart grids. Cybercriminals have become more sophisticated. Current security controls are not enough to defend networks from the number of highly skilled cybercriminals. Cybercriminals have learned how to evade the most sophisticated tools, such as Intrusion Detection and Prevention Systems (IDPS), and Advanced Persistent Threat (APT) is almost invisible to current tools. Fortunately, the application of Artificial Intelligence (AI) may increase the detection rate of IDPS systems, and Machine Learning (ML) techniques can mine data to detect different attack stages of APT. However, the implementation of AI may bring other risks, and cybersecurity experts need to find a balance between risk and benefits.
Berady, Aimad, Viet Triem Tong, Valerie, Guette, Gilles, Bidan, Christophe, Carat, Guillaume.  2019.  Modeling the Operational Phases of APT Campaigns. 2019 International Conference on Computational Science and Computational Intelligence (CSCI). :96—101.
In the context of Advanced Persistent Threat (APT) attacks, this paper introduces a model, called Nuke, which tries to provide a more operational reading of the attackers' lifecycle in a compromised network. It allows to consider the notions of regression; and repetitiveness of final objectives achievement. By confronting this model with examples of recent attacks (Equifax data breach and TV5Monde sabotage), we emphasize the importance of the attack chronology in the Cyber Threat Intelligence (CTI) reports, as well as the Tactics, Techniques and Procedures (TTP) used by the attacker during his progression.
Balduccini, Marcello, Griffor, Edward, Huth, Michael, Vishik, Claire, Wollman, David, Kamongi, Patrick.  2019.  Decision Support for Smart Grid: Using Reasoning to Contextualize Complex Decision Making. 2019 7th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES). :1—6.

The smart grid is a complex cyber-physical system (CPS) that poses challenges related to scale, integration, interoperability, processes, governance, and human elements. The US National Institute of Standards and Technology (NIST) and its government, university and industry collaborators, developed an approach, called CPS Framework, to reasoning about CPS across multiple levels of concern and competency, including trustworthiness, privacy, reliability, and regulatory. The approach uses ontology and reasoning techniques to achieve a greater understanding of the interdependencies among the elements of the CPS Framework model applied to use cases. This paper demonstrates that the approach extends naturally to automated and manual decision-making for smart grids: we apply it to smart grid use cases, and illustrate how it can be used to analyze grid topologies and address concerns about the smart grid. Smart grid stakeholders, whose decision making may be assisted by this approach, include planners, designers and operators.

Chugunkov, Ilya V., Ivanov, Michael A., Kliuchnikova, Bogdana V..  2019.  Hash Functions are Based on Three-Dimensional Stochastic Transformations. 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :202–205.
The methods based on injecting unpredictability into means and objects of protection are called stochastic methods of information security. The effective protection can be done only by using stochastic methods against an active opponent. The effectiveness of stochastic protection methods is defined by the quality of the used pseudo-random number generators and hash functions. The proposed hashing algorithm DOZENHASH is based on the use of 3D stochastic transformations of DOZEN family. The principal feature of the algorithm is that all input and output data blocks as well as intermediate results of calculations are represented as three-dimensional array of bytes with 4 bytes in each dimension. Thus, the resulting transformation has a high degree of parallelism at the level of elementary operations, in other words, it is focused on the implementation using heterogeneous supercomputer technologies.
Halba, Khalid, Griffor, Edward, Kamongi, Patrick, Roth, Thomas.  2019.  Using Statistical Methods and Co-Simulation to Evaluate ADS-Equipped Vehicle Trustworthiness. 2019 Electric Vehicles International Conference (EV). :1–5.

With the increasing interest in studying Automated Driving System (ADS)-equipped vehicles through simulation, there is a growing need for comprehensive and agile middleware to provide novel Virtual Analysis (VA) functions of ADS-equipped vehicles towards enabling a reliable representation for pre-deployment test. The National Institute of Standards and Technology (NIST) Universal Cyber-physical systems Environment for Federation (UCEF) is such a VA environment. It provides Application Programming Interfaces (APIs) capable of ensuring synchronized interactions across multiple simulation platforms such as LabVIEW, OMNeT++, Ricardo IGNITE, and Internet of Things (IoT) platforms. UCEF can aid engineers and researchers in understanding the impact of different constraints associated with complex cyber-physical systems (CPS). In this work UCEF is used to produce a simulated Operational Domain Design (ODD) for ADS-equipped vehicles where control (drive cycle/speed pattern), sensing (obstacle detection, traffic signs and lights), and threats (unusual signals, hacked sources) are represented as UCEF federates to simulate a drive cycle and to feed it to vehicle dynamics simulators (e.g. OpenModelica or Ricardo IGNITE) through the Functional Mock-up Interface (FMI). In this way we can subject the vehicle to a wide range of scenarios, collect data on the resulting interactions, and analyze those interactions using metrics to understand trustworthiness impact. Trustworthiness is defined here as in the NIST Framework for Cyber-Physical Systems, and is comprised of system reliability, resiliency, safety, security, and privacy. The goal of this work is to provide an example of an experimental design strategy using Fractional Factorial Design for statistically assessing the most important safety metrics in ADS-equipped vehicles.

Avianto, Hana, Ogi, Dion.  2019.  Design of Electronic Medical Record Security Policy in Hospital Management Information System (SIMRS) in XYZ Hospital. 2019 2nd International Conference on Applied Information Technology and Innovation (ICAITI). :163–167.
Electronic Medical Record (EMR) is a medical record management system. EMR contains personal data of patients that is critical. The critical nature of medical records is the reason for the necessity to develop security policies as guidelines for EMR in SIMRS in XYZ Hospital. In this study, analysis and risk assessment conducted to EMR management at SIMRS in XYZ Hospital. Based on this study, the security of SIMRS in XYZ Hospital is categorized as high. Security and Privacy Control mapping based on NIST SP800-53 rev 5 obtained 57 security controls related to privacy aspects as control options to protect EMR in SIMRS in XYZ Hospital. The policy designing was done using The Triangle framework for Policy Analysis. The analysis obtained from the policy decisions of the head of XYZ Hospital. The contents of the security policy are provisions on the implementation of security policies of EMR, outlined of 17 controls were selected.
Mumtaz, Majid, Akram, Junaid, Ping, Luo.  2019.  An RSA Based Authentication System for Smart IoT Environment. 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :758–765.
Authentication is the fundamental security service used in almost all remote applications. All such sensitive applications over an open network need authentication mechanism that should be delivered in a trusted way. In this paper, we design an RSA based authentication system for smart IoT environment over the air network using state-of-the-art industry standards. Our system provides security services including X.509 certificate, RSA based Public Key Infrastructure (PKI), challenge/response protocols with the help of proxy induced security service provider. We describe an innovative system model, protocol design, system architecture and evaluation against known threats. Also the implemented solution designed as an add on service for multiple other sensitive applications (smart city apps, cyber physical systems etc.) which needs the support of X.509 certificate based on hard tokens to populate other security services including confidentiality, integrity, non-repudiation, privacy and anonymity of the identities. The proposed scheme is evaluated against known vulnerabilities and given detail comparisons with popular known authentication schemes. The result shows that our proposed scheme mitigates all the known security risks and provides highest level assurance to smart gadgets.
Ablaev, Farid, Andrianov, Sergey, Soloviev, Aleksey.  2019.  Quantum Electronic Generator of Random Numbers for Information Security in Automatic Control Systems. 2019 International Russian Automation Conference (RusAutoCon). :1–5.

The problems of random numbers application to the information security of data, communication lines, computer units and automated driving systems are considered. The possibilities for making up quantum generators of random numbers and existing solutions for acquiring of sufficiently random sequences are analyzed. The authors found out the method for the creation of quantum generators on the basis of semiconductor electronic components. The electron-quantum generator based on electrons tunneling is experimentally demonstrated. It is shown that it is able to create random sequences of high security level and satisfying known NIST statistical tests (P-Value > 0.9). The generator created can be used for formation of both closed and open cryptographic keys in computer systems and other platforms and has great potential for realization of random walks and probabilistic computing on the basis of neural nets and other IT problems.

Salehie, Mazeiar, Pasquale, Liliana, Omoronyia, Inah, Nuseibeh, Bashar.  2012.  Adaptive Security and Privacy in Smart Grids: A Software Engineering Vision. 2012 First International Workshop on Software Engineering Challenges for the Smart Grid (SE-SmartGrids). :46–49.

Despite the benefits offered by smart grids, energy producers, distributors and consumers are increasingly concerned about possible security and privacy threats. These threats typically manifest themselves at runtime as new usage scenarios arise and vulnerabilities are discovered. Adaptive security and privacy promise to address these threats by increasing awareness and automating prevention, detection and recovery from security and privacy requirements' failures at runtime by re-configuring system controls and perhaps even changing requirements. This paper discusses the need for adaptive security and privacy in smart grids by presenting some motivating scenarios. We then outline some research issues that arise in engineering adaptive security. We particularly scrutinize published reports by NIST on smart grid security and privacy as the basis for our discussions.