Remotely Exploiting AT Command Attacks on ZigBee Networks

Internet of Things networks represent an emerging phenomenon bringing connectivity to common sensors. Due to the limited capabilities and to the sensitive nature of the devices, security assumes a crucial and primary role. In this paper, we report an innovative and extremely dangerous threat targeting IoT networks. The attack is based on Remote AT Commands exploitation, providing a malicious user with the possibility of reconfiguring or disconnecting IoT sensors from the network. We present the proposed attack and evaluate its efficiency by executing tests on a real IoT network. Results demonstrate how the threat can be successfully executed and how it is able to focus on the targeted nodes, without affecting other nodes of the network

Reviewing effectivity in security approaches towards strengthening internet architecture

The usage of existing Internet architecture is shrouded by various security loopholes and hence is highly ineffective towards resisting potential threats over internet. Hence, it is claimed that future internet architecture has been evolved as a solution to address this security gaps of existing internet architecture. Therefore, this paper initiates its discussion by reviewing the existing practices of web security in conventional internet architecture and has also discussed about some recent solutions towards mitigating potentially reported threats e.g. cross-site scripting, SQL inject, and distributed denial-of-service. The paper has also discussed some of the recent research contribution towards security solution considering future internet architecture. The proposed manuscripts contributes to showcase the true effectiveness of existing approaches with respect to advantages and limitation of existing approaches along with explicit highlights of existing research problems that requires immediate attention

Future Challenges and Mitigation Methods for High Photovoltaic Penetration: A Survey

: Integration of high volume (high penetration) of photovoltaic (PV) generation with power grids consequently leads to some technical challenges that are mainly due to the intermittent nature of solar energy, the volume of data involved in the smart grid architecture, and the impact power electronic-based smart inverters. These challenges include reverse power flow, voltage fluctuations, power quality issues, dynamic stability, big data challenges and others. This paper investigates the existing challenges with the current level of PV penetration and looks into the challenges with high PV penetration in future scenarios such as smart cities, transactive energy, proliferation of plug-in hybrid electric vehicles (PHEVs), possible eclipse events, big data issues and environmental impacts. Within the context of these future scenarios, this paper reviewed the existing solutions and provides insights to new and future solutions that could be explored to ultimately address these issues and improve the smart grid’s security, reliability and resilienc

Fintech cybersecurity challenges and regulations: Bahrain case study

Winds of change are blowing across the financial systems, with services and advancements in Financial Technology (FinTech) influencing all aspects of the financial sector and generating a continual stream of innovations. Despite benefits offered by FinTech, it creates new challenges that endanger financial institutes’ stability and integrity. As cyber-attacks increasingly threaten the FinTech industry, cybersecurity can be considered as one of the main challenges that need to be addressed to properly manage risks associated with integrating FinTech services in people’s day-to-day life. This Systematic Literature Review (SLR) highlights the cybersecurity challenges that FinTech industry faces and discusses existing measures that can effectively manage FinTech cybersecurity risks. An analysis of the existing literature and regulations is carried out to identify comparable components that exist across some internationally well-known cybersecurity standards and frameworks. Considering Bahrain as a case study, the paper explores key elements and factors that were not addressed adequately while implementing such standards. Research findings indicate that creating a cybersecurity framework for FinTech could be advantageous and offers a new perspective on the topic by demonstrating a natural extension of the existing knowledge. The findings offer useful suggestions for Bahrain’s financial regulators to get better acquainted with these aspects. It lays the foundation to develop a cybersecurity framework for FinTech specifically for Bahrain, and it endeavors to raise the level of cybersecurity and a trusted electronic environment for both the customers and service providers in Bahrain

FinTech Cybersecurity Challenges and Regulations: Bahrain Case Study

Winds of change are blowing across the financial systems, with services and advancements in Financial Technology (FinTech) influencing all aspects of the financial sector and generating a continual stream of innovations. Despite benefits offered by FinTech, it creates new challenges that endanger financial institutes’ stability and integrity. As cyber-attacks increasingly threaten the FinTech industry, cybersecurity can be considered as one of the main challenges that need to be addressed to properly manage risks associated with integrating FinTech services in people’s day-to-day life. This Systematic Literature Review (SLR) highlights the cybersecurity challenges that FinTech industry faces and discusses existing measures that can effectively manage FinTech cybersecurity risks. An analysis of the existing literature and regulations is carried out to identify comparable components that exist across some internationally well-known cybersecurity standards and frameworks. Considering Bahrain as a case study, the paper explores key elements and factors that were not addressed adequately while implementing such standards. Research findings indicate that creating a cybersecurity framework for FinTech could be advantageous and offers a new perspective on the topic by demonstrating a natural extension of the existing knowledge. The findings offer useful suggestions for Bahrain’s financial regulators to get better acquainted with these aspects. It lays the foundation to develop a cybersecurity framework for FinTech specifically for Bahrain, and it endeavors to raise the level of cybersecurity and a trusted electronic environment for both the customers and service providers in Bahrain

Volume and Access Pattern Leakage-abuse Attack with Leaked Documents

Searchable Encryption schemes provide secure search over encrypted databases while allowing admitted information leakages. Generally, the leakages can be categorized into access and volume pattern. In most existing SE schemes, these leakages are caused by practical designs but are considered an acceptable price to achieve high search efficiency. Recent attacks have shown that such leakages could be easily exploited to retrieve the underlying keywords for search queries. Under the umbrella of attacking SE, we design a new Volume and Access Pattern Leakage-Abuse Attack (VAL-Attack) that improves the matching technique of LEAP (CCS ’21) and exploits both the access and volume patterns. Our proposed attack only leverages leaked documents and the keywords present in those documents as auxiliary knowledge and can effectively retrieve document and keyword matches from leaked data. Furthermore, the recovery performs without false positives. We further compare VAL-Attack with two recent well-defined attacks on several real-world datasets to highlight the effectiveness of our attack and present the performance under popular countermeasures