3,175 research outputs found
Security Management Framework for the Internet of Things
The increase in the design and development of wireless communication technologies
offers multiple opportunities for the management and control of cyber-physical systems
with connections between smart and autonomous devices, which provide the delivery
of simplified data through the use of cloud computing. Given this relationship with the
Internet of Things (IoT), it established the concept of pervasive computing that allows
any object to communicate with services, sensors, people, and objects without human
intervention. However, the rapid growth of connectivity with smart applications through
autonomous systems connected to the internet has allowed the exposure of numerous
vulnerabilities in IoT systems by malicious users.
This dissertation developed a novel ontology-based cybersecurity framework to
improve security in IoT systems using an ontological analysis to adapt appropriate
security services addressed to threats. The composition of this proposal explores
two approaches: (1) design time, which offers a dynamic method to build security
services through the application of a methodology directed to models considering
existing business processes; and (2) execution time, which involves monitoring the IoT
environment, classifying vulnerabilities and threats, and acting in the environment,
ensuring the correct adaptation of existing services.
The validation approach was used to demonstrate the feasibility of implementing the
proposed cybersecurity framework. It implies the evaluation of the ontology to offer
a qualitative evaluation based on the analysis of several criteria and also a proof of
concept implemented and tested using specific industrial scenarios. This dissertation
has been verified by adopting a methodology that follows the acceptance in the research
community through technical validation in the application of the concept in an industrial
setting.O aumento no projeto e desenvolvimento de tecnologias de comunicação sem fio oferece
múltiplas oportunidades para a gestão e controle de sistemas ciber-físicos com conexões
entre dispositivos inteligentes e autônomos, os quais proporcionam a entrega de dados
simplificados através do uso da computação em nuvem. Diante dessa relação com
a Internet das Coisas (IoT) estabeleceu-se o conceito de computação pervasiva que
permite que qualquer objeto possa comunicar com os serviços, sensores, pessoas e objetos
sem intervenção humana. Entretanto, o rápido crescimento da conectividade com as
aplicações inteligentes através de sistemas autônomos conectados com a internet permitiu
a exposição de inúmeras vulnerabilidades dos sistemas IoT para usuários maliciosos.
Esta dissertação desenvolveu um novo framework de cibersegurança baseada em
ontologia para melhorar a segurança em sistemas IoT usando uma análise ontológica
para a adaptação de serviços de segurança apropriados endereçados para as ameaças. A
composição dessa proposta explora duas abordagens: (1) tempo de projeto, o qual oferece
um método dinâmico para construir serviços de segurança através da aplicação de uma
metodologia dirigida a modelos, considerando processos empresariais existentes; e (2)
tempo de execução, o qual envolve o monitoramento do ambiente IoT, a classificação de
vulnerabilidades e ameaças, e a atuação no ambiente garantindo a correta adaptação dos
serviços existentes.
Duas abordagens de validação foram utilizadas para demonstrar a viabilidade da
implementação do framework de cibersegurança proposto. Isto implica na avaliação da
ontologia para oferecer uma avaliação qualitativa baseada na análise de diversos critérios
e também uma prova de conceito implementada e testada usando cenários específicos.
Esta dissertação foi validada adotando uma metodologia que segue a validação na
comunidade científica através da validação técnica na aplicação do nosso conceito em
um cenário industrial
Security, privacy and safety evaluation of dynamic and static fleets of drones
Inter-connected objects, either via public or private networks are the near
future of modern societies. Such inter-connected objects are referred to as
Internet-of-Things (IoT) and/or Cyber-Physical Systems (CPS). One example of
such a system is based on Unmanned Aerial Vehicles (UAVs). The fleet of such
vehicles are prophesied to take on multiple roles involving mundane to
high-sensitive, such as, prompt pizza or shopping deliveries to your homes to
battlefield deployment for reconnaissance and combat missions. Drones, as we
refer to UAVs in this paper, either can operate individually (solo missions) or
part of a fleet (group missions), with and without constant connection with the
base station. The base station acts as the command centre to manage the
activities of the drones. However, an independent, localised and effective
fleet control is required, potentially based on swarm intelligence, for the
reasons: 1) increase in the number of drone fleets, 2) number of drones in a
fleet might be multiple of tens, 3) time-criticality in making decisions by
such fleets in the wild, 4) potential communication congestions/lag, and 5) in
some cases working in challenging terrains that hinders or mandates-limited
communication with control centre (i.e., operations spanning long period of
times or military usage of such fleets in enemy territory). This self-ware,
mission-focused and independent fleet of drones that potential utilises swarm
intelligence for a) air-traffic and/or flight control management, b) obstacle
avoidance, c) self-preservation while maintaining the mission criteria, d)
collaboration with other fleets in the wild (autonomously) and e) assuring the
security, privacy and safety of physical (drones itself) and virtual (data,
software) assets. In this paper, we investigate the challenges faced by fleet
of drones and propose a potential course of action on how to overcome them.Comment: 12 Pages, 7 Figures, Conference, The 36th IEEE/AIAA Digital Avionics
Systems Conference (DASC'17
Beyond the Hype: On Using Blockchains in Trust Management for Authentication
Trust Management (TM) systems for authentication are vital to the security of
online interactions, which are ubiquitous in our everyday lives. Various
systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage
trust in this setting. In recent years, blockchain technology has been
introduced as a panacea to our security problems, including that of
authentication, without sufficient reasoning, as to its merits.In this work, we
investigate the merits of using open distributed ledgers (ODLs), such as the
one implemented by blockchain technology, for securing TM systems for
authentication. We formally model such systems, and explore how blockchain can
help mitigate attacks against them. After formal argumentation, we conclude
that in the context of Trust Management for authentication, blockchain
technology, and ODLs in general, can offer considerable advantages compared to
previous approaches. Our analysis is, to the best of our knowledge, the first
to formally model and argue about the security of TM systems for
authentication, based on blockchain technology. To achieve this result, we
first provide an abstract model for TM systems for authentication. Then, we
show how this model can be conceptually encoded in a blockchain, by expressing
it as a series of state transitions. As a next step, we examine five prevalent
attacks on TM systems, and provide evidence that blockchain-based solutions can
be beneficial to the security of such systems, by mitigating, or completely
negating such attacks.Comment: A version of this paper was published in IEEE Trustcom.
http://ieeexplore.ieee.org/document/8029486
Context-aware Security for Vehicles and Fleets: A Survey
Vehicles are becoming increasingly intelligent and connected. Interfaces for communication with the vehicle, such as WiFi and 5G, enable seamless integration into the user’s life, but also cyber attacks on the vehicle. Therefore, research is working on in-vehicle countermeasures such as authentication, access controls, or intrusion detection. Recently, legal regulations have also become effective that require automobile manufacturers to set up a monitoring system for fleet-wide security analysis. The growing amount of software, networking, and the automation of driving create new challenges for security. Context-awareness, situational understanding, adaptive security, and threat intelligence are necessary to cope with these ever-increasing risks. In-vehicle security should be adaptive to secure the car in an infinite number of (driving) situations. For fleet-wide analysis and alert triage, knowledge and understanding of the circumstances are required. Context-awareness, nonetheless, has been sparsely considered in the field of vehicle security. This work aims to be a precursor to context-aware, adaptive and intelligent security for vehicles and fleets. To this end, we provide a comprehensive literature review that analyzes the vehicular as well as related domains. Our survey is mainly characterized by the detailed analysis of the context information that is relevant for vehicle security in the future
Cyber security investigation for Raspberry Pi devices
Big Data on Cloud application is growing rapidly. When the cloud is attacked, the investigation relies on digital forensics evidence. This paper proposed the data collection via Raspberry Pi devices, in a healthcare situation. The significance of this work is that could be expanded into a digital device array that takes big data security issues into account. There are many potential impacts in health area. The field of Digital Forensics Science has been tagged as a reactive science by some who believe research and study in the field often arise as a result of the need to respond to event which brought about the needs for investigation; this work was carried as a proactive research that will add knowledge to the field of Digital Forensic Science.
The Raspberry Pi is a cost-effective, pocket sized computer that has gained global recognition since its development in 2008; with the wide spread usage of the device for different computing purposes. Raspberry Pi can potentially be a cyber security device, which can relate with forensics investigation in the near future. This work has used a systematic approach to study the structure and operation of the device and has established security issues that the widespread usage of the device can pose, such as health or smart city. Furthermore, its evidential information applied in security will be useful in the event that the device becomes a subject of digital forensic investigation in the foreseeable future. In healthcare system, PII (personal identifiable information) is a very important issue. When Raspberry Pi plays a processor role, its security is vital; consequently, digital forensics investigation on the Raspberry Pies becomes necessary
A Comparison of Cybersecurity Risk Analysis Tools
This paper presents the ongoing work of a decision aiding software intended to support cyber risk and cyber threats analysis of an information and communications technology infrastructure. The work focuses on the evaluation of the different tools in relation to risk assessment and decision making to incorporate some of the characteristics, metrics and strategies that will help cybersecurity risk analysis, decision-making, prevention measures and risk strategies for infrastructure and the protection of an organization's information assets
Pricing cyber-insurance for systems via maturity models
Pricing insurance for risks associated with information technology systems
presents a complex modelling challenge, combining the disciplines of operations
management, security, and economics. This work proposes a socioeconomic model
for cyber-insurance decisions compromised of entity relationship diagrams,
security maturity models, and economic models, addressing a long-standing
research challenge of capturing organizational structure in the design and
pricing of cyber-insurance policies. Insurance pricing is usually informed by
the long experience insurance companies have of the magnitude and frequency of
losses that arise in organizations based on their size, industry sector, and
location. Consequently, their calculations of premia will start from a baseline
determined by these considerations. A unique challenge of cyber-insurance is
that data history is limited and not necessarily informative of future loss
risk meaning that established actuarial methodology for other lines of
insurance may not be the optimal pricing strategy. The model proposed in this
paper provides a vehicle for agreement between practitioners in the
cyber-insurance ecosystem on cyber-security risks and allows for the users to
choose their desired level of abstraction in the description of a system.Comment: 31 pages, 12 figures, 11 table
- …