51 research outputs found
Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions
In recent years, low-carbon transportation has become an indispensable part
as sustainable development strategies of various countries, and plays a very
important responsibility in promoting low-carbon cities. However, the security
of low-carbon transportation has been threatened from various ways. For
example, denial of service attacks pose a great threat to the electric vehicles
and vehicle-to-grid networks. To minimize these threats, several methods have
been proposed to defense against them. Yet, these methods are only for certain
types of scenarios or attacks. Therefore, this review addresses security aspect
from holistic view, provides the overview, challenges and future directions of
cyber security technologies in low-carbon transportation. Firstly, based on the
concept and importance of low-carbon transportation, this review positions the
low-carbon transportation services. Then, with the perspective of network
architecture and communication mode, this review classifies its typical attack
risks. The corresponding defense technologies and relevant security suggestions
are further reviewed from perspective of data security, network management
security and network application security. Finally, in view of the long term
development of low-carbon transportation, future research directions have been
concerned.Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable
Energy Review
Outsourced Analysis of Encrypted Graphs in the Cloud with Privacy Protection
Huge diagrams have unique properties for organizations and research, such as
client linkages in informal organizations and customer evaluation lattices in
social channels. They necessitate a lot of financial assets to maintain because
they are large and frequently continue to expand. Owners of large diagrams may
need to use cloud resources due to the extensive arrangement of open cloud
resources to increase capacity and computation flexibility. However, the
cloud's accountability and protection of schematics have become a significant
issue. In this study, we consider calculations for security savings for
essential graph examination practices: schematic extraterrestrial examination
for outsourcing graphs in the cloud server. We create the security-protecting
variants of the two proposed Eigen decay computations. They are using two
cryptographic algorithms: additional substance homomorphic encryption (ASHE)
strategies and some degree homomorphic encryption (SDHE) methods. Inadequate
networks also feature a distinctively confidential info adaptation convention
to allow the trade-off between secrecy and data sparseness. Both dense and
sparse structures are investigated. According to test results, calculations
with sparse encoding can drastically reduce information. SDHE-based strategies
have reduced computing time, while ASHE-based methods have reduced stockpiling
expenses
Mecanismos dinâmicos de segurança para redes softwarizadas e virtualizadas
The relationship between attackers and defenders has traditionally been
asymmetric, with attackers having time as an upper hand to devise an exploit
that compromises the defender. The push towards the Cloudification of
the world makes matters more challenging, as it lowers the cost of an attack,
with a de facto standardization on a set of protocols. The discovery of a vulnerability
now has a broader impact on various verticals (business use cases),
while previously, some were in a segregated protocol stack requiring independent
vulnerability research. Furthermore, defining a perimeter within a cloudified
system is non-trivial, whereas before, the dedicated equipment already
created a perimeter. This proposal takes the newer technologies of network
softwarization and virtualization, both Cloud-enablers, to create new dynamic
security mechanisms that address this asymmetric relationship using novel
Moving Target Defense (MTD) approaches. The effective use of the exploration
space, combined with the reconfiguration capabilities of frameworks like
Network Function Virtualization (NFV) and Management and Orchestration
(MANO), should allow for adjusting defense levels dynamically to achieve the
required security as defined by the currently acceptable risk. The optimization
tasks and integration tasks of this thesis explore these concepts. Furthermore,
the proposed novel mechanisms were evaluated in real-world use cases, such
as 5G networks or other Network Slicing enabled infrastructures.A relação entre atacantes e defensores tem sido tradicionalmente assimétrica,
com os atacantes a terem o tempo como vantagem para conceberem
uma exploração que comprometa o defensor. O impulso para a Cloudificação
do mundo torna a situação mais desafiante, pois reduz o custo de um
ataque, com uma padronização de facto sobre um conjunto de protocolos.
A descoberta de uma vulnerabilidade tem agora um impacto mais amplo em
várias verticais (casos de uso empresarial), enquanto anteriormente, alguns
estavam numa pilha de protocolos segregados que exigiam uma investigação
independente das suas vulnerabilidades. Além disso, a definição de um
perímetro dentro de um sistema Cloud não é trivial, enquanto antes, o equipamento
dedicado já criava um perímetro. Esta proposta toma as mais recentes
tecnologias de softwarização e virtualização da rede, ambas facilitadoras da
Cloud, para criar novos mecanismos dinâmicos de segurança que incidem sobre
esta relação assimétrica utilizando novas abordagens de Moving Target
Defense (MTD). A utilização eficaz do espaço de exploração, combinada com
as capacidades de reconfiguração de frameworks como Network Function
Virtualization (NFV) e Management and Orchestration (MANO), deverá permitir
ajustar dinamicamente os níveis de defesa para alcançar a segurança
necessária, tal como definida pelo risco actualmente aceitável. As tarefas de
optimização e de integração desta tese exploram estes conceitos. Além disso,
os novos mecanismos propostos foram avaliados em casos de utilização no
mundo real, tais como redes 5G ou outras infraestruturas de Network Slicing.Programa Doutoral em Engenharia Informátic
A Taxonomy of Data Grids for Distributed Data Sharing, Management and Processing
Data Grids have been adopted as the platform for scientific communities that
need to share, access, transport, process and manage large data collections
distributed worldwide. They combine high-end computing technologies with
high-performance networking and wide-area storage management techniques. In
this paper, we discuss the key concepts behind Data Grids and compare them with
other data sharing and distribution paradigms such as content delivery
networks, peer-to-peer networks and distributed databases. We then provide
comprehensive taxonomies that cover various aspects of architecture, data
transportation, data replication and resource allocation and scheduling.
Finally, we map the proposed taxonomy to various Data Grid systems not only to
validate the taxonomy but also to identify areas for future exploration.
Through this taxonomy, we aim to categorise existing systems to better
understand their goals and their methodology. This would help evaluate their
applicability for solving similar problems. This taxonomy also provides a "gap
analysis" of this area through which researchers can potentially identify new
issues for investigation. Finally, we hope that the proposed taxonomy and
mapping also helps to provide an easy way for new practitioners to understand
this complex area of research.Comment: 46 pages, 16 figures, Technical Repor
Privacy-preserving alert correlation and report retrieval
Intrusion Detection Systems (IDSs) have been widely deployed on both hosts and networks and serve as a second line of defense. Generally, an IDS flags malicious activates as IDS alerts and forwards them to security officers for further responses. The core issue of IDSs is to minimize both false positives and false negatives. Previous research shows that alert correlation is an effective solution. Moreover, alert correlation (in particular, under the cross-domain setting) can fuse distributed information together and thus be able to detect large-scale attacks that local analysis fails to handle. However, in practice the wide usage of alert correlation is hindered by the privacy concern. In this thesis, we propose the TEIRESIAS protocol, which can ensure the privacy-preserving property during the whole process of sharing and correlating alerts, when incorporated with anonymous communication systems. Furthermore, we also take the fairness issue into consideration when designing the procedure of retrieving the results of correlation. More specifically, a contributor can privately retrieve correlated reports in which she involved. The TEIRESIAS protocol is based mainly on searchable encryption, including both symmetric-key encryption with keyword search (SEKS) and public-key encryption with keyword search (PEKS). While designing TEIRESIAS, we identify a new statistical guessing attack against PEKS. To address this problem, we propose the PEKSrand scheme, which is an extension of PEKS and can mitigate both brute-force guessing attacks and statistical guessing attacks. The PEKSrand scheme can either be used independently or be combined with TEIRESIAS to further improve its privacy protection
Security in Distributed, Grid, Mobile, and Pervasive Computing
This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security
Nature-inspired survivability: Prey-inspired survivability countermeasures for cloud computing security challenges
As cloud computing environments become complex, adversaries have become highly sophisticated and unpredictable. Moreover, they can easily increase attack power and persist longer before detection. Uncertain malicious actions, latent risks, Unobserved or Unobservable risks (UUURs) characterise this new threat domain. This thesis proposes prey-inspired survivability to address unpredictable security challenges borne out of UUURs. While survivability is a well-addressed phenomenon in non-extinct prey animals, applying prey survivability to cloud computing directly is challenging due to contradicting end goals. How to manage evolving survivability goals and requirements under contradicting environmental conditions adds to the challenges. To address these challenges, this thesis proposes a holistic taxonomy which integrate multiple and disparate perspectives of cloud security challenges. In addition, it proposes the TRIZ (Teorija Rezbenija Izobretatelskib Zadach) to derive prey-inspired solutions through resolving contradiction. First, it develops a 3-step process to facilitate interdomain transfer of
concepts from nature to cloud. Moreover, TRIZ’s generic approach suggests specific
solutions for cloud computing survivability. Then, the thesis presents the conceptual prey-inspired cloud computing survivability framework (Pi-CCSF), built upon TRIZ derived solutions. The framework run-time is pushed to the user-space to support evolving survivability design goals. Furthermore, a target-based decision-making technique (TBDM) is proposed to manage survivability decisions. To evaluate the prey-inspired survivability concept, Pi-CCSF simulator is developed and implemented. Evaluation results shows that escalating survivability actions improve the vitality of vulnerable and compromised virtual machines (VMs) by 5% and dramatically improve their overall survivability. Hypothesis testing conclusively supports the hypothesis that the escalation mechanisms can be applied to enhance the survivability of cloud computing systems. Numeric analysis of TBDM shows that by considering survivability preferences and attitudes (these directly impacts survivability actions), the TBDM method brings unpredictable survivability information closer to decision processes. This enables efficient execution of variable escalating survivability actions, which enables the Pi-CCSF’s decision
system (DS) to focus upon decisions that achieve survivability outcomes under unpredictability imposed by UUUR
- …