Towards a Security, Privacy, Dependability, Interoperability Framework for the Internet of Things

A popular application of ambient intelligence systems constitutes of assisting living services on smart buildings. As intelligence is imported in embedded equipment, the system becomes able to provide smart services (e.g. control lights, airconditioning, provide energy management services etc.). IoT is the main enabler of such environments. However, the interconnection of these cyber-physical systems and the processing of personal data raise serious security and privacy issues. In this paper we present a framework that can guarantee Security, Privacy, Dependability and Interoperability (SPDI) in IoT. Taking advantage of the underlying IoT deployment, the proposed framework not only implements the requested smart functionality but also provide modelling and administration that can guarantee those SPDI properties. Moreover, we provide an application example of the framework in a smart building scenario

Development of an ontology supporting failure analysis of surface safety valves used in Oil & Gas applications

Treball desenvolupat dins el marc del programa 'European Project Semester'.The project describes how to apply Root Cause Analysis (RCA) in the form of a Failure Mode Effect and Criticality Analysis (FMECA) on hydraulically actuated Surface Safety Valves (SSVs) of Xmas trees in oil and gas applications, in order to be able to predict the occurrence of failures and implement preventive measures such as Condition and Performance Monitoring (CPM) to improve the life-span of a valve and decrease maintenance downtime. In the oil and gas industry, valves account for 52% of failures in the system. If these failures happen unexpectedly it can cause a lot of problems. Downtime of the oil well quickly becomes an expensive problem, unscheduled maintenance takes a lot of extra time and the lead-time for replacement parts can be up to 6 months. This is why being able to predict these failures beforehand is something that can bring a lot of benefits to a company. To determine the best course of action to take in order to be able to predict failures, a FMECA report is created. This is an analysis where all possible failures of all components are catalogued and given a Risk Priority Number (RPN), which has three variables: severity, detectability and occurrence. Each of these is given a rating between 0 and 10 and then the variables are multiplied with each other, resulting in the RPN. The components with an RPN above an acceptable risk level are then further investigated to see how to be able to detect them beforehand and how to mitigate the risk that they pose. Applying FMECA to the SSV mean breaking the system down into its components and determining the function, dependency and possible failures. To this end, the SSV is broken up into three sub-systems: the valve, the actuator and the hydraulic system. The hydraulic system is the sub-system of the SSV responsible for containing, transporting and pressurizing of the hydraulic fluid and in turn, the actuator. It also contains all the safety features, such as pressure pilots, and a trip system in case a problem is detected in the oil line. The actuator is, as the name implies, the sub-system which opens and closes the valve. It is made up of a number of parts such as a cylinder, a piston and a spring. These parts are interconnected in a number of ways to allow the actuator to successfully perform its function. The valve is the actual part of the system which interacts with the oil line by opening and closing. Like the actuator, this sub-system is broken down into a number of parts which work together to perform its function. After breaking down and defining each subsystem on a functional level, a model was created using a functional block diagram. Each component also allows for the defining of dependencies and interactions between the different components and a failure diagram for each component. This model integrates the three sub-systems back into one, creating a complete picture of the entire system which can then be used to determine the effects of different failures in components to the rest of the system. With this model completed we created a comprehensive FMECA report and test the different possible CPM solutions to mitigate the largest risks

Key recycling in authentication

In their seminal work on authentication, Wegman and Carter propose that to authenticate multiple messages, it is sufficient to reuse the same hash function as long as each tag is encrypted with a one-time pad. They argue that because the one-time pad is perfectly hiding, the hash function used remains completely unknown to the adversary. Since their proof is not composable, we revisit it using a composable security framework. It turns out that the above argument is insufficient: if the adversary learns whether a corrupted message was accepted or rejected, information about the hash function is leaked, and after a bounded finite amount of rounds it is completely known. We show however that this leak is very small: Wegman and Carter's protocol is still $\epsilon$-secure, if $\epsilon$-almost strongly universal$_2$ hash functions are used. This implies that the secret key corresponding to the choice of hash function can be reused in the next round of authentication without any additional error than this $\epsilon$. We also show that if the players have a mild form of synchronization, namely that the receiver knows when a message should be received, the key can be recycled for any arbitrary task, not only new rounds of authentication.Comment: 17+3 pages. 11 figures. v3: Rewritten with AC instead of UC. Extended the main result to both synchronous and asynchronous networks. Matches published version up to layout and updated references. v2: updated introduction and reference

Security Evaluation of Support Vector Machines in Adversarial Environments

Support Vector Machines (SVMs) are among the most popular classification techniques adopted in security applications like malware detection, intrusion detection, and spam filtering. However, if SVMs are to be incorporated in real-world security systems, they must be able to cope with attack patterns that can either mislead the learning algorithm (poisoning), evade detection (evasion), or gain information about their internal parameters (privacy breaches). The main contributions of this chapter are twofold. First, we introduce a formal general framework for the empirical evaluation of the security of machine-learning systems. Second, according to our framework, we demonstrate the feasibility of evasion, poisoning and privacy attacks against SVMs in real-world security problems. For each attack technique, we evaluate its impact and discuss whether (and how) it can be countered through an adversary-aware design of SVMs. Our experiments are easily reproducible thanks to open-source code that we have made available, together with all the employed datasets, on a public repository.Comment: 47 pages, 9 figures; chapter accepted into book 'Support Vector Machine Applications

Building Organizational Capacity for Preventive Conservation

Despite a centuries-old call for the incremental care of historic sites, stewards remain challenged to embrace a proactive philosophy for building preservation. This philosophy, termed “preventive conservation,” is not only a technical strategy for enabling the long-term preservation of historic resources, but is also an effective approach to historic site management. Through semi-structured interviews with thirteen stewards of historic sites across the United States, this thesis addresses the question: how can organizations build sufficient capacity for successful implementation of preventive conservation? First, the pursuant analysis reveals that capacity for preventive conservation is limited by inconsistently applied terminology, both within and across disciplines. Second, interviews demonstrated that stewards are overwhelmed by deferred maintenance, a perceived barrier to implementing preventive conservation. By clarifying the definition of preventive conservation and acknowledging its relationship to deferred maintenance, this thesis proposes a process for organizational change that guides stewards from deferral to a sustainable state of prevention

A Discussion on Life Systems Security and the Systems Approach

The relationship between information technology and information security historically has been quite reactive. New innovations in information technology have often been accompanied by new security threats that create challenges to its reliability and overall integrity. In this paper, a historical perspective that outlines the evolution in the development of the security function is used as a starting base. Changes in the way security issues are viewed and how this view affects the design and development of secure systems are then postulated. It is proposed that these changes should be incorporated into the security functions of any waterfall development model, and especially during the initial and terminating stages

A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems

Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. This approach captures a strong notion of security, guaranteed against all probabilistic polynomial-time attacks. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are treated as black boxes. Since the seminal work of Dolev and Yao, it has been realized that this latter approach enables significantly simpler and often automated proofs. However, the guarantees that it offers have been quite unclear. For more than twenty years the two approaches have coexisted but evolved mostly independently. Recently, significant research efforts attempt to develop paradigms for cryptographic systems analysis that combines the best of both worlds. There are two broad directions that have been followed. {\em Computational soundness} aims to establish sufficient conditions under which results obtained using symbolic models imply security under computational models. The {\em direct approach} aims to apply the principles and the techniques developed in the context of symbolic models directly to computational ones. In this paper we survey existing results along both of these directions. Our goal is to provide a rather complete summary that could act as a quick reference for researchers who want to contribute to the field, want to make use of existing results, or just want to get a better picture of what results already exist