Visible to the public Biblio

Filters: Keyword is pubcrawl and Keyword is Science of Security and Year is 2019  [Clear All Filters]
2020-08-07
Carpentier, Eleonore, Thomasset, Corentin, Briffaut, Jeremy.  2019.  Bridging The Gap: Data Exfiltration In Highly Secured Environments Using Bluetooth IoTs.

IoT devices introduce unprecedented threats into home and professional networks. As they fail to adhere to security best practices, they are broadly exploited by malicious actors to build botnets or steal sensitive information. Their adoption challenges established security standard as classic security measures are often inappropriate to secure them. This is even more problematic in sensitive environments where the presence of insecure IoTs can be exploited to bypass strict security policies. In this paper, we demonstrate an attack against a highly secured network using a Bluetooth smart bulb. This attack allows a malicious actor to take advantage of a smart bulb to exfiltrate data from an air gapped network.

2020-03-18
Shrishti, Burra, Manohar S., Maurya, Chanchal, Maity, Soumyadev.  2019.  Leakage Resilient Searchable Symmetric Encryption with Periodic Updation. {2019 3rd International Conference on Trends in Electronics and Informatics} (ICOEI).

Searchable symmetric encryption (SSE) scheme allows a data owner to perform search queries over encrypted documents using symmetric cryptography. SSE schemes are useful in cloud storage and data outsourcing. Most of the SSE schemes in existing literature have been proved to leak a substantial amount of information that can lead to an inference attack. This paper presents, a novel leakage resilient searchable symmetric encryption with periodic updation (LRSSEPU) scheme that minimizes extra information leakage, and prevents an untrusted cloud server from performing document mapping attack, query recovery attack and other inference attacks. In particular, the size of the keyword vector is fixed and the keywords are periodically permuted and updated to achieve minimum leakage. Furthermore, our proposed LRSSEPU scheme provides authentication of the query messages and restricts an adversary from performing a replay attack, forged query attack and denial of service attack. We employ a combination of identity-based cryptography (IBC) with symmetric key cryptography to reduce the computation cost and communication overhead. Our scheme is lightweight and easy to implement with very little communication overhead.

Karmakar, Kallol Krishna, Varadharajan, Vijay, Nepal, Surya, Tupakula, Uday.  2019.  SDN Enabled Secure IoT Architecture. {2019 IFIP/IEEE} Symposium on Integrated Network and Service Management (IM).

The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture restricts network access to authenticated IoT devices. We use fine granular policies to secure the flows in the IoT network infrastructure and provide a lightweight protocol to authenticate IoT devices. Such an integrated security approach involving authentication of IoT devices and enabling authorized flows can help to protect IoT networks from malicious IoT devices and attacks.

Van, Hao, Nguyen, Huyen N., Hewett, Rattikorn, Dang, Tommy.  2019.  HackerNets: Visualizing Media Conversations on Internet of Things, Big Data, and Cybersecurity. 2019 IEEE International Conference on Big Data (Big Data). :3293–3302.
The giant network of Internet of Things establishes connections between smart devices and people, with protocols to collect and share data. While the data is expanding at a fast pace in this era of Big Data, there are growing concerns about security and privacy policies. In the current Internet of Things ecosystems, at the intersection of the Internet of Things, Big Data, and Cybersecurity lies the subject that attracts the most attention. In aiding users in getting an adequate understanding, this paper introduces HackerNets, an interactive visualization for emerging topics in the crossing of IoT, Big Data, and Cybersecurity over time. To demonstrate the effectiveness and usefulness of HackerNets, we apply and evaluate the technique on the dataset from the social media platform.
Yang, Yunxue, Ji, Guohua, Yang, Zhenqi, Xue, Shengjun.  2019.  Incentive Contract for Cybersecurity Information Sharing Considering Monitoring Signals. 2019 International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). :507–512.
Cyber insurance is a viable method for cyber risk transfer. However, the cyber insurance faces critical challenges, the most important of which is lack of statistical data. In this paper, we proposed an incentive model considering monitoring signals for cybersecurity information haring based on the principal-agent theory. We studied the effect of monitoring signals on increasing the rationality of the incentive contract and reducing moral hazard in the process of cybersecurity information sharing, and analyzed factors influencing the effectiveness of the incentive contract. We show that by introducing monitoring signals, the insurer can collect more information about the effort level of the insured, and encourage the insured to share cybersecurity information based on the information sharing output and monitoring signals of the effort level, which can not only reduce the blindness of incentive to the insured in the process of cybersecurity information sharing, but also reduce moral hazard.
Li, Tao, Guo, Yuanbo, Ju, Ankang.  2019.  A Self-Attention-Based Approach for Named Entity Recognition in Cybersecurity. 2019 15th International Conference on Computational Intelligence and Security (CIS). :147–150.
With cybersecurity situation more and more complex, data-driven security has become indispensable. Numerous cybersecurity data exists in textual sources and data analysis is difficult for both security analyst and the machine. To convert the textual information into structured data for further automatic analysis, we extract cybersecurity-related entities and propose a self-attention-based neural network model for the named entity recognition in cybersecurity. Considering the single word feature not enough for identifying the entity, we introduce CNN to extract character feature which is then concatenated into the word feature. Then we add the self-attention mechanism based on the existing BiLSTM-CRF model. Finally, we evaluate the proposed model on the labelled dataset and obtain a better performance than the previous entity extraction model.
Offenberger, Spencer, Herman, Geoffrey L., Peterson, Peter, Sherman, Alan T, Golaszewski, Enis, Scheponik, Travis, Oliva, Linda.  2019.  Initial Validation of the Cybersecurity Concept Inventory: Pilot Testing and Expert Review. 2019 IEEE Frontiers in Education Conference (FIE). :1–9.
We analyze expert review and student performance data to evaluate the validity of the Cybersecurity Concept Inventory (CCI) for assessing student knowledge of core cybersecurity concepts after a first course on the topic. A panel of 12 experts in cybersecurity reviewed the CCI, and 142 students from six different institutions took the CCI as a pilot test. The panel reviewed each item of the CCI and the overwhelming majority rated every item as measuring appropriate cybersecurity knowledge. We administered the CCI to students taking a first cybersecurity course either online or proctored by the course instructor. We applied classical test theory to evaluate the quality of the CCI. This evaluation showed that the CCI is sufficiently reliable for measuring student knowledge of cybersecurity and that the CCI may be too difficult as a whole. We describe the results of the expert review and the pilot test and provide recommendations for the continued improvement of the CCI.
Wang, Johnson J. H..  2019.  Solving Cybersecurity Problem by Symmetric Dual-Space Formulation—Physical and Cybernetic. 2019 IEEE International Symposium on Antennas and Propagation and USNC-URSI Radio Science Meeting. :601–602.
To address cybersecurity, this author proposed recently the approach of formulating it in symmetric dual-space and dual-system. This paper further explains this concept, beginning with symmetric Maxwell Equation (ME) and Fourier Transform (FT). The approach appears to be a powerful solution, with wide applications ranging from Electronic Warfare (EW) to 5G Mobile, etc.
Schwab, Stephen, Kline, Erik.  2019.  Cybersecurity Experimentation at Program Scale: Guidelines and Principles for Future Testbeds. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :94–102.
Cybersecurity Experimentation is often viewed narrowly in terms of a single technology or experiment. This paper reviews the experimentation life-cycle for two large scale research efforts that span multiple technologies. We identify salient aspects of each cybersecurity program, and capture guidelines based on eight years of experience. Extrapolating, we identify four principles for building future experimental infrastructure: 1) Reduce the cognitive burden on experimenters when designing and operating experiments. 2) Allow experimenters to encode their goals and constraints. 3) Provide flexibility in experimental design. 4) Provide multifaceted guidance to help experimenters produce high-quality experiments. By following these principles, future cybersecurity testbeds can enable significantly higher-quality experiments.
Kalashnikov, A.O., Anikina, E.V..  2019.  Complex Network Cybersecurity Monitoring Method. 2019 Twelfth International Conference "Management of large-scale system development" (MLSD). :1–3.
This paper considers one of the methods of efficient allocation of limited resources in special-purpose devices (sensors) to monitor complex network unit cybersecurity.
Zhang, Ruipeng, Xu, Chen, Xie, Mengjun.  2019.  Powering Hands-on Cybersecurity Practices with Cloud Computing. 2019 IEEE 27th International Conference on Network Protocols (ICNP). :1–2.
Cybersecurity education and training have gained increasing attention in all sectors due to the prevalence and quick evolution of cyberattacks. A variety of platforms and systems have been proposed and developed to accommodate the growing needs of hands-on cybersecurity practice. However, those systems are either lacking sufficient flexibility (e.g., tied to a specific virtual computing service provider, little customization support) or difficult to scale. In this work, we present a cloud-based platform named EZSetup for hands-on cybersecurity practice at scale and our experience of using it in class. EZSetup is customizable and cloud-agnostic. Users can create labs through an intuitive Web interface and deploy them onto one or multiple clouds. We have used NSF funded Chameleon cloud and our private OpenStack cloud to develop, test and deploy EZSetup. We have developed 14 network and security labs using the tool and included six labs in an undergraduate network security course in spring 2019. Our survey results show that students have very positive feedback on using EZSetup and computing clouds for hands-on cybersecurity practice.
Promyslov, Vitaly, Jharko, Elena, Semenkov, Kirill.  2019.  Principles of Physical and Information Model Integration for Cybersecurity Provision to a Nuclear Power Plant. 2019 Twelfth International Conference "Management of large-scale system development" (MLSD). :1–3.
For complex technical objects the research of cybersecurity problems should take into account both physical and information properties of the object. The paper considers a hybrid model that unifies information and physical models and may be used as a tool for countering cyber threats and for cybersecurity risk assessment at the design and operational stage of an object's lifecycle.
Williams, Laurie.  2019.  Science Leaves Clues. IEEE Security Privacy. 17:4–6.
The elusive science of security. Science advances when research results build upon prior findings through the evolution of hypotheses and theories about the fundamental relationships among variables within a context and considering the threats and limitations of the work. Some hypothesize that, through this science of security, the industry can take a more principled and systematic approach to securing systems, rather than reacting to the latest move by attackers. Others debate the utility of a science of security.
2020-01-27
Cesar, Pablo, Zwitser, Robert, Webb, Andrew, Ashby, Liam, Ali, Abdallah.  2019.  Uncovering Perceived Identification Accuracy of In-Vehicle Biometric Sensing | Proceedings of the 11th International Conference on Automotive User Interfaces and Interactive Vehicular Applications: Adjunct Proceedings. AutomotiveUI '19: Proceedings of the 11th International Conference on Automotive User Interfaces and Interactive Vehicular Applications: Adjunct Proceedings.

Biometric techniques can help make vehicles safer to drive, authenticate users, and provide personalized in-car experiences. However, it is unclear to what extent users are willing to trade their personal biometric data for such benefits. In this early work, we conducted an open card sorting study (N=11) to better understand how well users perceive their physical, behavioral and physiological features can personally identify them. Findings showed that on average participants clustered features into six groups, and helped us revise ambiguous cards and better understand users' clustering. These findings provide the basis for a follow up online closed card sorting study to more fully understand perceived identification accuracy of (in-vehicle) biometric sensing. By uncovering this at a larger scale, we can then further study the privacy and user experience trade-off in (automated) vehicles.

2019-10-30
Bugeja, Joseph, Vogel, Bahtijar, Jacobsson, Andreas, Varshney, Rimpu.  2019.  IoTSM: An End-to-End Security Model for IoT Ecosystems. 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). :267-272.

The Internet of Things (IoT) market is growing rapidly, allowing continuous evolution of new technologies. Alongside this development, most IoT devices are easy to compromise, as security is often not a prioritized characteristic. This paper proposes a novel IoT Security Model (IoTSM) that can be used by organizations to formulate and implement a strategy for developing end-to-end IoT security. IoTSM is grounded by the Software Assurance Maturity Model (SAMM) framework, however it expands it with new security practices and empirical data gathered from IoT practitioners. Moreover, we generalize the model into a conceptual framework. This approach allows the formal analysis for security in general and evaluates an organization's security practices. Overall, our proposed approach can help researchers, practitioners, and IoT organizations, to discourse about IoT security from an end-to-end perspective.