Multilevel adaptive security system

Recent trends show increased demand for content-rich media such as images, videos and text in ad-hoc communication. Since such content often tends to be private, sensitive, or paid for, there exists a requirement for securing such information over resource constrained ad hoc networks. In this work, traditional data security mechanisms, existing ad hoc secure routing protocols and multilevel security are first reviewed. Then a new system, called the Multilevel Adaptive Security System, which incorporates the multilevel security concept at both the application layer and the network layer, is proposed to provide adaptive security services for data and routing processes. MLASS is composed of two subsystems: Content-Based Multi-level Data Security (CB-MLDS) for content-rich data protection and Multi-Level On-demand Secure Mobile Ad hoc Routing (MOSAR) for secure route selection. The structure of each sub-system is explained in detail; experiments for each sub-system were conducted and the performance was analyzed. It is shown that MLASS is a practical security solution that is flexible enough to adapt to a range of security requirements and applies appropriate level of security services to data and its distribution over ad hoc networks. MLASS provides a balance between security, performance and resource

Vulnerability Assessment and Privacy-preserving Computations in Smart Grid

Modern advances in sensor, computing, and communication technologies enable various smart grid applications which highlight the vulnerability that requires novel approaches to the field of cybersecurity. While substantial numbers of technologies have been adopted to protect cyber attacks in smart grid, there lacks a comprehensive review of the implementations, impacts, and solutions of cyber attacks specific to the smart grid.In this dissertation, we are motivated to evaluate the security requirements for the smart grid which include three main properties: confidentiality, integrity, and availability. First, we review the cyber-physical security of the synchrophasor network, which highlights all three aspects of security issues. Taking the synchrophasor network as an example, we give an overview of how to attack a smart grid network. We test three types of attacks and show the impact of each attack consisting of denial-of-service attack, sniffing attack, and false data injection attack.Next, we discuss how to protect against each attack. For protecting availability, we examine possible defense strategies for the associated vulnerabilities.For protecting data integrity, a small-scale prototype of secure synchrophasor network is presented with different cryptosystems. Besides, a deep learning based time-series anomaly detector is proposed to detect injected measurement. Our approach observes both data measurements and network traffic features to jointly learn system states and can detect attacks when state vector estimator fails.For protecting data confidentiality, we propose privacy-preserving algorithms for two important smart grid applications. 1) A distributed privacy-preserving quadratic optimization algorithm to solve Security Constrained Optimal Power Flow (SCOPF) problem. The SCOPF problem is decomposed into small subproblems using the Alternating Direction Method of Multipliers (ADMM) and gradient projection algorithms. 2) We use Paillier cryptosystem to secure the computation of the power system dynamic simulation. The IEEE 3-Machine 9-Bus System is used to implement and demonstrate the proposed scheme. The security and performance analysis of our implementations demonstrate that our algorithms can prevent chosen-ciphertext attacks at a reasonable cost

Investigation of Afghanistan network infrastructure for cyber security

06.03.2018 tarihli ve 30352 sayılı Resmi Gazetede yayımlanan “Yükseköğretim Kanunu İle Bazı Kanun Ve Kanun Hükmünde Kararnamelerde Değişiklik Yapılması Hakkında Kanun” ile 18.06.2018 tarihli “Lisansüstü Tezlerin Elektronik Ortamda Toplanması, Düzenlenmesi ve Erişime Açılmasına İlişkin Yönerge” gereğince tam metin erişime açılmıştır.Anahtar Kelimeler: Siber güvenlik, siber saldırılar, siber savaşlar, güvenlik açığı, gizlilik, bütünlük, ağ altyapısı, iletişim ve bilgi sistemleri. Global endüstriler büyük ölçüde bilgi ve veri güvenliğine yatırım yapıyor. Sanal iletişim zamanında, herhangi bir topolojisinde, öncelikle geçerlik ve güvenliği garanti altına almalı. Aksi takdirde bu tür iletişim karmaşık sorunlara ve kaynakların ağlar üzerinde zarar görmesine neden olur. Halbuki iletişim sistemleri savunmasızdır, Ülkenin bilgi bütünlüğüne, gizliliğine ve kullanılabilirliğine güvenmesi, siber güvenliğinin yetersizliğinden tam tersidir. Aslında, iletişim sistemleri veya internet öncelikle odaklı veya insan zihnindeki güvenlikle tasarlanmamıştır. Diğer bir deyişle, çok sayıda ağ bileşeninin koordinasyonu, öncelikle hava-arayüzü üzerinden kurulan veya ağ üzerinden önceden tanımlanmış protokoller altında fiziksel olarak entegre edilmiş güvenli bir bağlantıya ihtiyaç duyar. Ayrıca, bir hükümetin gerçekleştirme sorumluluğundan biri, siber ortamda ya da gerçekçi saldırı ve tehditlerle mücadele etmek için bir caydırma ekibi ya da teşkilatı oluşturmaktır. Modern iletişim sistemlerinde, siber saldırılar casusluk açısından gittikçe artmaktadır ve bilgi sistemlerine ciddi zarar vermek suretiyle siber alanın geleceğinde büyük bir sorun çıkarmaktadır. Öte yandan, Afganistan hükümeti, herhangi bir dışa bağımlı siber saldırılara karşı iyi tanımlanmış bir stratejiye sahip değilken, casusluktan sorumlu olan ve Afganistan'daki siber alanda katastrofik sorunlar çıkaran ülkelerden aktarılan değiştirilebilir verilerin büyük bir çoğunluğu bulunmaktadır. Bu sorunlar dikkate alındığında, bu çalışma Afganistan'da siber saldırılar ve siber istismar, bilgi güvenliği ile ilgili zorluklar, siber saldırıların mevcut Afganistan ağ altyapıları üzerindeki etkileri ve analizleri de dahil olmak üzere siber tehditlerle ilgilidir. Siberayla ilgili belirgin ve belirgin olmayan siber saldırılar için bir şekilde çözümün yanı sıra, mevcut ve gelecekteki siber krizin, modellerin ve simülasyon özelliklerinin bu raporun kısmen bir bölümünde analizi tanımlanmıştır. Bununla birlikte, güvenlik açısından Afganistan'ın mevcut siber durumuna, yaygın gelecekteki siber güvenlik ve siber güvenlik zorluklarına ilişkin sorunlar da bu raporda gösterilmektedir.Global industries are investing heavily in information and data security. At the time of virtual communication under any types of topologies, firstly, the validity and security must be guaranteed. Otherwise, such communication cause complex problems and resources damage over the networks. However, communication systems are vulnerable, the nation's reliance on the integrities, confidentialities, and availabilities of information stand in stark contrast to the inadequacy of their cybersecurity. In fact, communication systems or internet was not primarily designed with security in oriented or human minds. On the other word, coordinating of huge numbers of network components, first of all, need to a secure connection, either such connection established via air-interface or integrated physically under predefined protocols over the network. Additionally, one of the accomplishment responsibility of a government is creating a deterrence team or military to combat any types of attack and threat either on cyberspace or on realistic. In modern communication systems cyber-attacks becoming increasingly in terms of espionage, and it would make a big challenge in the future of cyberspace by causing serious damage to information systems. From the other hand, the government of Afghanistan does not have a well-defined strategy against any types of outsider cyberattacks while the huge amount of the exchangeable data transferring from the countries who are in charge of espionage and attempt to make catastrophic problems on Afghanistan's cyberspace. In consideration to these issues, this study concerned in Afghanistan's cyber-threats including cyber-attacks and cyber-exploit, information security challenges, analysis and effects of cyber-attacks on current Afghanistan network infrastructures. Definition of somewhat solution for distinctive and non-distinctive cyber-attacks over cyberspace, as well as the analysis of current and future cyberspace crisis, models and simulations aspect in some partial part of this report, has been also covered. However, current cyberspace status of Afghanistan in term of security, challenges of prevalent future cyber security and cyber security difficulties have also illustrated in this report

Autonomous Vehicles:The Cybersecurity Vulnerabilities and Countermeasures for Big Data Communication

The possible applications of communication based on big data have steadily increased in several industries, such as the autonomous vehicle industry, with a corresponding increase in security challenges, including cybersecurity vulnerabilities (CVs). The cybersecurity-related symmetry of big data communication systems used in autonomous vehicles may raise more vulnerabilities in the data communication process between these vehicles and IoT devices. The data involved in the CVs may be encrypted using an asymmetric and symmetric algorithm. Autonomous vehicles with proactive cybersecurity solutions, power-based cyberattacks, and dynamic countermeasures are the modern issues/developments with emerging technology and evolving attacks. Research on big data has been primarily focused on mitigating CVs and minimizing big data breaches using appropriate countermeasures known as security solutions. In the future, CVs in data communication between autonomous vehicles (DCAV), the weaknesses of autonomous vehicular networks (AVN), and cyber threats to network functions form the primary security issues in big data communication, AVN, and DCAV. Therefore, efficient countermeasure models and security algorithms are required to minimize CVs and data breaches. As a technique, policies and rules of CVs with proxy and demilitarized zone (DMZ) servers were combined to enhance the efficiency of the countermeasure. In this study, we propose an information security approach that depends on the increasing energy levels of attacks and CVs by identifying the energy levels of each attack. To show the results of the performance of our proposed countermeasure, CV and energy consumption are compared with different attacks. Thus, the countermeasures can secure big data communication and DCAV using security algorithms related to cybersecurity and effectively prevent CVs and big data breaches during data communication

Context-Aware Security for 6G Wireless The Role of Physical Layer Security

Sixth generation systems are expected to face new security challenges, while opening up new frontiers towards context awareness in the wireless edge. The workhorse behind this projected technological leap will be a whole new set of sensing capabilities predicted for 6G devices, in addition to the ability to achieve high precision localization. The combination of these enhanced traits can give rise to a new breed of context-aware security protocols, following the quality of security (QoSec) paradigm. In this framework, physical layer security solutions emerge as competitive candidates for low complexity, low-delay and low-footprint, adaptive, flexible and context aware security schemes, leveraging the physical layer of the communications in genuinely cross-layer protocols, for the first time.Comment: arXiv admin note: text overlap with arXiv:2011.0732

Composite DoS attack model

Preparation for potential threats is one of the most important phases ensuring system security. It allows evaluating possible losses, changes in the attack process, the effectiveness of used countermeasures, optimal system settings, etc. In cyberattack cases, executing real experiments can be difficult for many reasons. However, mathematical or programming models can be used instead of conducting experiments in a real environment. This work proposes a composite denial of service attack model that combines bandwidth exhaustion, filtering and memory depletion models for a more real representation of similar cyber-attacks. On the basis of the introduced model, different experiments were done. They showed the main dependencies of the influence of attacker and victim’s properties on the success probability of denial of service attack. In the future, this model can be used for the denial of service attack or countermeasure optimization. Article in English. Jungtinis DoS atakų modelis Santrauka. Siekiant užkirsti kelią bet kokioms sistemų saugumo grėsmėms, vienas iš svarbiausių uždavinių yra prevencija. Tai leidžia numatyti galimus pavojus ir kovos su jais būdus, nustatyti jų efektyvumą ir pan. Tačiau realiai eksperimentuoti su turima sistema dažnai gali būti pernelyg sudėtinga, todėl daug lengviau šią problemą spręsti padeda matematiniai / programiniai modeliai. Straipsnyje siūlomas naujas DoS atakų modelis, sujungiantis kelių tipų DoS atakas (srauto ir atminties išnaudojimo, netinkamo filtrų nustatymo) ir jų įtaką viena kitai. Remiantis šiuo naujai sukurtu modeliu atlikti eksperimentai, kurių metu vertinama skirtingų atakos ir aukos savybių reikšmių įtaka bendrai atakos sėkmės tikimybei. Raktiniai žodžiai: elektroninės paslaugos trikdymo ataka; modelis; DoS; DDo

From security to assurance in the cloud: a survey

The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud's level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud security stands out. Several approaches to security have been described and summarized in general surveys on cloud security techniques. The survey in this article focuses on the interface between cloud security and cloud security assurance. First, we provide an overview of the state of the art on cloud security. Then, we introduce the notion of cloud security assurance and analyze its growing impact on cloud security approaches. Finally, we present some recommendations for the development of next-generation cloud security and assurance solutions