The Usage of Clouds in Zero-Trust Security Strategy: An Evolving Paradigm

Zero-trust security is a security model that assumes no entity is implicitly trusted, regardless of its origin or scope of access. This approach requires continuous verification of all users, devices, and applications before granting access to resources. Cloud computing is a model for delivering IT resources and applications as a service over the Internet. Cloud computing offers many benefits, including scalability, agility, and cost savings. However, cloud computing also introduces new security challenges. This paper proposes a survey-based research methodology to evaluate the usage of clouds in zero-trust security strategies. The paper identifies different zero-trust security solutions, their key features, and the benefits and challenges of implementing these solutions in the cloud. The paper will also discuss the costs and benefits of different zero-trust security solutions. The findings of this research will be valuable for organizations that are considering implementing a zero-trust security strategy in the cloud. The paper will provide guidance on how to choose the best zero-trust security solution for organizational needs and how to implement it effectively

Secure Geo-location Techniques using Trusted Hyper-visor

Για πολλούς, η γεωγραφική θέση είναι μια απλή διαδικασία όπου με τη χρήση του GPS ένα άτομο μπορεί να εντοπιστεί όπου και όποτε ζητείται. Ωστόσο, ακόμη και αν η χρήση του GPS για γεωγραφική τοποθέτηση είναι ο πιο συνηθισμένος τρόπος και ταυτόχρονα ακριβής ως σύστημα, αποτελεί μια τεράστια κατανάλωση ενέργειας για να επιτευχθεί αυτή η διαδικασία και υστερεί σε μηχανισμούς και τεχνικές ασφαλείας. Σκοπός αυτής της εργασίας είναι να παρουσιάσουμε μια άλλη όψη για το πώς μπορούμε να εντοπίσουμε μια άγνωστη θέση ενός κόμβου σε ένα σύστημα και πώς θα μπορούσε να δημιουργηθεί ένα ασφαλές περιβάλλον για αυτόν τον κόμβο. Βασική μας ιδέα ήταν η δημιουργία ενός μηχανισμού όπου θα μπορούσαμε να δημιουργήσουμε ένα τρισδιάστατο πεδίο στο οποίο θα μπορούσε να εντοπιστεί άγνωστος κόμβος και στη συνέχεια θα δημιουργηθεί ένα ασφαλές περιβάλλον για τον νέο κόμβο. Μετά από μια έρευνα σε δημοσιεύσεις σχετικά με τρισδιάστατους μηχανισμούς και τεχνικές γεω-εντοπισμού, παράλληλα με την έννοια των hypervisors για τη δημιουργία ασφαλούς περιβάλλοντος με την αξιοποίηση της κρυπτογραφίας, καταλήξαμε στο συμπέρασμα της δημιουργίας ενός πλαισίου που θα ικανοποιούσε αυτά απαιτήσεις. Δημιουργήσαμε ένα τρισδιάστατο πεδίο τεσσάρων σταθμών κόμβων, όπου χρησιμοποιήσαμε δύο αλγορίθμους εντοπισμού, χωρίς GPS, για τον εντοπισμό της θέση ενός πέμπτου άγνωστου κόμβου παράλληλα με έναν hypervisor για τη δημιουργία περιβάλλοντος εμπιστοσύνης. Χρησιμοποιήσαμε ένα TPM για τη δημιουργία κρυπτογραφικών μηχανισμών και κλειδιών ασφαλείας. Σε αυτή την εργασία δημιουργήσαμε μια προσομοίωση όπου συγκρίνουμε την απόδοση αυτών των δύο αλγορίθμων γεωγραφικής τοποθέτησης από την άποψη της ταχύτητας και της ακρίβειας του υπολογισμού, παράλληλα με την απόδοση των μηχανισμών ασφαλείας του hypervisor και την ικανότητά του για ασφάλιση ακεραιότητας δεδομένων. Εκτός από τα συστατικά του προτεινόμενου μηχανισμού, παρουσιάζουμε και άλλες πληροφορίες που βρήκαμε σε σχετικά έγγραφα, όπως μια ποικιλία από hypervisors και μια ποικιλία τεχνικών εντοπισμού, για περισσότερες πληροφορίες για μελλοντικές εργασίες παράλληλα με τα βήματα υλοποίησης και εκτέλεσης.For many, geo-location is a simple process where with the utilization of GPS a person can be located wherever and whenever is requested. However, even if the utilization of GPS for geolocation is the most common way and accurate as a system, it is a huge consumption of energy in order to achieve this process and it lucks on safety mechanisms and techniques. The purpose of this paper is to present another view of how we could locate an unknown node position in a system and how a safe environment could be created for this node. Our main idea was about the creation of a framework where we could create a three-dimensional field in which an unknown node could be located and afterwards a safe environment would be created for the new node. After a research on papers relevant with three-dimensional geo-localization mechanisms and techniques, alongside with the concept of hypervisors for the creation of safe environment with the utilization of cryptography, we came to the conclusion of the creation of a framework which would satisfy those requirements. We created a 3-Dimentional field of four base nodes stations, where we utilized two localization GPS-free algorithms for the location of a fifth unknown node alongside with a hypervisor for the trust environment creation. We utilized a TPM for the cryptography mechanisms and safety keys creation. In this paper we created a simulation where we compare the performance of those two geolocation algorithms in terms of accuracy and computation speed and accuracy, alongside with the hypervisor’s security mechanisms performance and its ability for data integrity insurance. Except our proposed framework components, we present also further information that we found in relevant papers, such as a variety of hypervisors and a variety of localization techniques, for more information for future work alongside with implementation steps and guidanc

Applications in security and evasions in machine learning : a survey

In recent years, machine learning (ML) has become an important part to yield security and privacy in various applications. ML is used to address serious issues such as real-time attack detection, data leakage vulnerability assessments and many more. ML extensively supports the demanding requirements of the current scenario of security and privacy across a range of areas such as real-time decision-making, big data processing, reduced cycle time for learning, cost-efficiency and error-free processing. Therefore, in this paper, we review the state of the art approaches where ML is applicable more effectively to fulfill current real-world requirements in security. We examine different security applications' perspectives where ML models play an essential role and compare, with different possible dimensions, their accuracy results. By analyzing ML algorithms in security application it provides a blueprint for an interdisciplinary research area. Even with the use of current sophisticated technology and tools, attackers can evade the ML models by committing adversarial attacks. Therefore, requirements rise to assess the vulnerability in the ML models to cope up with the adversarial attacks at the time of development. Accordingly, as a supplement to this point, we also analyze the different types of adversarial attacks on the ML models. To give proper visualization of security properties, we have represented the threat model and defense strategies against adversarial attack methods. Moreover, we illustrate the adversarial attacks based on the attackers' knowledge about the model and addressed the point of the model at which possible attacks may be committed. Finally, we also investigate different types of properties of the adversarial attacks

Real-Time Localization Using Software Defined Radio

Service providers make use of cost-effective wireless solutions to identify, localize, and possibly track users using their carried MDs to support added services, such as geo-advertisement, security, and management. Indoor and outdoor hotspot areas play a significant role for such services. However, GPS does not work in many of these areas. To solve this problem, service providers leverage available indoor radio technologies, such as WiFi, GSM, and LTE, to identify and localize users. We focus our research on passive services provided by third parties, which are responsible for (i) data acquisition and (ii) processing, and network-based services, where (i) and (ii) are done inside the serving network. For better understanding of parameters that affect indoor localization, we investigate several factors that affect indoor signal propagation for both Bluetooth and WiFi technologies. For GSM-based passive services, we developed first a data acquisition module: a GSM receiver that can overhear GSM uplink messages transmitted by MDs while being invisible. A set of optimizations were made for the receiver components to support wideband capturing of the GSM spectrum while operating in real-time. Processing the wide-spectrum of the GSM is possible using a proposed distributed processing approach over an IP network. Then, to overcome the lack of information about tracked devices’ radio settings, we developed two novel localization algorithms that rely on proximity-based solutions to estimate in real environments devices’ locations. Given the challenging indoor environment on radio signals, such as NLOS reception and multipath propagation, we developed an original algorithm to detect and remove contaminated radio signals before being fed to the localization algorithm. To improve the localization algorithm, we extended our work with a hybrid based approach that uses both WiFi and GSM interfaces to localize users. For network-based services, we used a software implementation of a LTE base station to develop our algorithms, which characterize the indoor environment before applying the localization algorithm. Experiments were conducted without any special hardware, any prior knowledge of the indoor layout or any offline calibration of the system

Cloud-based Indoor Positioning Platform for Context-adaptivity in GNSS-denied Scenarios

The demand for positioning, localisation and navigation services is on the rise, largely owing to the fact that such services form an integral part of applications in areas such as human activity recognition, robotics, and eHealth. Depending on the field of application, these services must accomplish high levels of accuracy, massive device connectivity, real-time response, flexibility, and integrability. Although many current solutions have succeeded in fulfilling these requirements, numerous challenges remain in terms of providing robust and reliable indoor positioning solutions. This dissertation has a core focus on improving computing efficiency, data pre-processing, and software architecture for Indoor Positioning Systems (IPSs), without throwing out position and location accuracy. Fingerprinting is the main positioning technique used in this dissertation, as it is one of the approaches used most frequently in indoor positioning solutions. The dissertation begins by presenting a systematic review of current cloud-based indoor positioning solutions for Global Navigation Satellite System (GNSS) denied scenarios. This first contribution identifies the current challenges and trends in indoor positioning applications over the last seven years (from January 2015 to May 2022). Secondly, we focus on the study of data optimisation techniques such as data cleansing and data augmentation. This second contribution is devoted to reducing the number of outliers fingerprints in radio maps and, therefore, reducing the error in position estimation. The data cleansing algorithm relies on the correlation between fingerprints, taking into account the maximum Received Signal Strength (RSS) values, whereas the Generative Adversarial Network (GAN) network is used for data augmentation in order to generate synthetic fingerprints that are barely distinguishable from real ones. Consequently, the positioning error is reduced by more than 3.5% after applying the data cleansing. Similarly, the positioning error is reduced in 8 from 11 datasets after generating new synthetic fingerprints. The third contribution suggests two algorithms which group similar fingerprints into clusters. To that end, a new post-processing algorithm for Density-based Spatial Clustering of Applications with Noise (DBSCAN) clustering is developed to redistribute noisy fingerprints to the formed clusters, enhancing the mean positioning accuracy by more than 20% in comparison with the plain DBSCAN. A new lightweight clustering algorithm is also introduced, which joins similar fingerprints based on the maximum RSS values and Access Point (AP) identifiers. This new clustering algorithm reduces the time required to form the clusters by more than 60% compared with two traditional clustering algorithms. The fourth contribution explores the use of Machine Learning (ML) models to enhance the accuracy of position estimation. These models are based on Deep Neural Network (DNN) and Extreme Learning Machine (ELM). The first combines Convolutional Neural Network (CNN) and Long short-term memory (LSTM) to learn the complex patterns in fingerprinting radio maps and improve position accuracy. The second model uses CNN and ELM to provide a fast and accurate solution for the classification of fingerprints into buildings and floors. Both models offer better performance in terms of floor hit rate than the baseline (more than 8% on average), and also outperform some machine learning models from the literature. Finally, this dissertation summarises the key findings of the previous chapters in an open-source cloud platform for indoor positioning. This software developed in this dissertation follows the guidelines provided by current standards in positioning, mapping, and software architecture to provide a reliable and scalable system

Attacking (and defending) the Maritime Radar System

Operation of radar equipment is one of the key facilities used by navigators to gather situational awareness about their surroundings. With an ever increasing need for always-running logistics and tighter shipping schedules, operators are relying more and more on computerized instruments and their indications. As a result, modern ships have become a complex cyber-physical system in which sensors and computers constantly communicate and coordinate. In this work, we discuss novel threats related to the radar system, which is one of the most security-sensitive component on a ship. In detail, we first discuss some new attacks capable of compromising the integrity of data displayed on a radar system, with potentially catastrophic impacts on the crew' situational awareness or even safety itself. Then, we present a detection system aimed at highlighting anomalies in the radar video feed, requiring no modifications to the target ship configuration. Finally, we stimulate our detection system by performing the attacks inside of a simulated environment. The experimental results clearly indicate that the attacks are feasible, rather easy to carry out, and hard-to-detect. Moreover, they prove that the proposed detection technique is effective

Secure and efficient routing in highly dynamic WLAN mesh networks

Recent advances in embedded systems, energy storage, and communication interfaces, accompanied by the falling prices of WLAN routers and a considerable increase in the throughput of a WLAN (IEEE 802.11), have facilitated the proliferation of WLAN Mesh Network (WMN) applications. In addition to their current deployments in less dynamic community networks, WMNs have become a key solution in various highly dynamic scenarios. For instance, WMNs are intended to interconnect self-organized, cooperative, and small Unmanned Aerial Vehicles (UAVs) in a wide range of applications, such as emergency response, environmental monitoring, and ad-hoc network provisioning. Nevertheless, WMNs still face major security challenges as they are prone to routing attacks. Consequently, the network can be sabotaged and, in the case of UAV-WMN-supported missions, the attacker might manipulate payload data or even hijack UAVs. Contemporary security standards, such as the IEEE 802.11i and the security mechanisms of the IEEE 802.11s mesh standard, are vulnerable to routing attacks, as experimentally shown in this research. Therefore, a secure routing protocol is indispensable for making feasible the deployment of WMNs in critical scenarios, such as UAV-WMN-assisted applications. As far as the author of this thesis knows, none of the existing research approaches for secure routing in WMNs have gained acceptance in practice due to their high overhead or strong assumptions. In this research, a new approach, which is called Position-Aware, Secure, and Efficient mesh Routing (PASER), is proposed. This new proposal defeats more attacks than the IEEE 802.11s/i security mechanisms and the well-known, secure routing protocol Authenticated Routing for Ad-hoc Networks (ARAN), without making restrictive assumptions. It is shown that PASER achieves —in realistic UAV-WMN scenarios— similar performance results as the well-established, nonsecure routing protocols Hybrid Wireless Mesh Protocol (HWMP) combined with the IEEE 802.11s security mechanisms. Two representative scenarios are considered: (1) on-demand ubiquitous network access and (2) efficient exploration of sizable areas in disaster relief. The performance evaluation results are produced using an experimentally validated simulation model of WMNs, realistic mobility patterns of UAVs, and an experimentally derived channel model for the air-to-air WMN link between UAVs. The findings of this evaluation are justified by the route discovery delay and the message overhead of the considered solutions

Advances in Intelligent Vehicle Control

This book is a printed edition of the Special Issue Advances in Intelligent Vehicle Control that was published in the journal Sensors. It presents a collection of eleven papers that covers a range of topics, such as the development of intelligent control algorithms for active safety systems, smart sensors, and intelligent and efficient driving. The contributions presented in these papers can serve as useful tools for researchers who are interested in new vehicle technology and in the improvement of vehicle control systems