A Practical Approach to Protect IoT Devices against Attacks and Compile Security Incident Datasets

open access articleThe Internet of Things (IoT) introduced the opportunity of remotely manipulating home appliances (such as heating systems, ovens, blinds, etc.) using computers and mobile devices. This idea fascinated people and originated a boom of IoT devices together with an increasing demand that was difficult to support. Many manufacturers quickly created hundreds of devices implementing functionalities but neglected some critical issues pertaining to device security. This oversight gave rise to the current situation where thousands of devices remain unpatched having many security issues that manufacturers cannot address after the devices have been produced and deployed. This article presents our novel research protecting IOT devices using Berkeley Packet Filters (BPFs) and evaluates our findings with the aid of our Filter.tlk tool, which is able to facilitate the development of BPF expressions that can be executed by GNU/Linux systems with a low impact on network packet throughput

Game Theory Meets Network Security and Privacy

This survey provides a structured and comprehensive overview of the research contributions that analyze and solve security and privacy problems in computer networks by game-theoretic approaches. A selected set of works are presented to highlight the application of game theory in order to address different forms of security and privacy problems in computer networks and mobile applications. The presented works are classified into six main categories based on their topics: security of the physical and MAC layers, application layer security in mobile networks, intrusion detection systems, anonymity and privacy, economics of network security, and cryptography. In each category, security problems, players, and game models are identified and the main results of selected works, such as equilibrium analysis and security mechanism designs are summarized. In addition, a discussion on advantages, drawbacks, and the future direction of using game theory in this field is provided. In this survey, we aim to provide a better understanding of the different research approaches for applying game theory to network security. This survey can also help researchers from various fields develop game-theoretic solutions to current and emerging security problems in computer networking

Resilience-Building Technologies: State of Knowledge -- ReSIST NoE Deliverable D12

This document is the first product of work package WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellenc

Preliminary Specification of Services and Protocols

This document describes the preliminary specification of services and protocols for the Crutial Architecture. The Crutial Architecture definition, first addressed in Crutial Project Technical Report D4 (January 2007), intends to reply to a grand challenge of computer science and control engineering: how to achieve resilience of critical information infrastructures, in particular in the electrical sector. The definitions herein elaborate on the major architectural options and components established in the Preliminary Architecture Specification (D4), with special relevance to the Crutial middleware building blocks, and are based on the fault, synchrony and topological models defined in the same document. The document, in general lines, describes the Runtime Support Services and APIs, and the Middleware Services and APIs. Then, it delves into the protocols, describing: Runtime Support Protocols, and Middleware Services Protocols. The Runtime Support Services and APIs chapter features as a main component, the Proactive-Reactive Recovery Service, whose aim is to guarantee perpetual execution of any components it protects. The Middleware Services and APIs chapter describes our approach to intrusion-tolerant middleware. The middleware comprises several layers. The Multipoint Network layer is the lowest layer of CRUTIAL's middleware, and features an abstraction of basic communication services, such as provided by standard protocols, like IP, IPsec, UDP, TCP and SSL/TLS. The Communication Support Services feature two important building blocks: the Randomized Intrusion-Tolerant Services (RITAS), and the Overlay Protection Layer (OPL) against DoS attacks. The Activity Support Services currently defined comprise the CIS Protection service, and the Access Control and Authorization service. Protection as described in this report is implemented by mechanisms and protocols residing on a device called Crutial Information Switch (CIS). The Access Control and Authorization service is implemented through PolyOrBAC, which defines the rules for information exchange and collaboration between sub-modules of the architecture, corresponding in fact to different facilities of the CII's organizations.The Monitoring and Failure Detection layer contains a preliminary definition of the middleware services devoted to monitoring and failure detection activities. The remaining chapters describe the protocols implementing the above-mentioned services: Runtime Support Protocols, and Middleware Services Protocol

Cyberterrorism: A postmodern view of networks of terror and how computer security experts and law enforcement officials fight them.

The purpose of this study is to investigate how cyberterrorists create networks in order to engage in malicious activities against the Internet and computers. The purpose of the study is also to understand how computer security labs (i.e., in universities) and various agencies (that is, law enforcement agencies such as police departments and the FBI) create joint networks in their fight against cyberterrorists. This idea of analyzing the social networks of two opposing sides rests on the premise that it takes networks to fight networks. The ultimate goal is to show that, because of the postmodern nature of the Internet, the fight between networks of cyberterrorists and networks of computer security experts (and law enforcement officials) is a postmodern fight. Two theories are used in this study: social network theory and game theory.This study employed qualitative methodology and data were collected via in-depth conversational (face-to-face) interviewing. Twenty-seven computer security experts and law enforcement officials were interviewed. Overall, this study found that cyberterrorists tend not to work alone. Rather, they team up with others through social networks. It was also found that it takes networks to fight networks. As such, it is necessary for experts and officials to combine efforts, through networking, in order to combat, let alone understand, cyberterrorist networks. Of equal relevance is the fact that law enforcement agents and computer security experts do not always engage in battle with cyberterrorists. They sometimes try to interact with them in order to obtain more information about their networks (and vice versa). Finally, four themes were identified from the participants' accounts: (1) postmodern state of chaos, (2) social engineering, (3) know thy enemy, and (4) the enemy of my enemy is my friend

The impact of Self-Generated Images in online pornography

This investigation seeks to evaluate the impact on individuals, and society, of Self-Generated Images (SGI’s) in online pornography. It presents an inquiry into the extent, and modes, of SGI use among a large sample of adult internet users. This form the initial platform for a theoretical analysis of the rapidly emerging topic, alongside an empirical investigation into how SGI’s are used, and criminally abused. A mixed research method strategy was consequently adopted, employing a quantitative anonymous online survey (Stage 1), qualitative face-to-face interviews with serving Metropolitan Police Service officers in the SOECA unit (Stage 2), and qualitative Skype interviews with active SGI users (Stage 3). The thesis is divided into three main sections. Firstly, in chapters one-to-four, the context for this study into SGI’s is explained, including the specific UK statute laws regarding licit and illicit pornographic images. Commonly used pornographic terminologies are defined. Furthermore, existent research on the topic of SGI’s/online pornography is scrutinized, and several theoretical issues are given a discourse in relation to SGI’s. An analysis of the free speech/online pornography debate is included, together with an examination of the criminal abuse of SGI’s. The second part, chapter five, provides a rationale for the adoption of a mixed research methods strategy in pursuing the aims of this study. Many methodological issues regarding the three stages of the primary fieldwork are addressed; these include: ontology, epistemology, research paradigms and axiology, ethical underpinnings, practical considerations, and the strengths and limitations of methods chosen. In the third section, chapters six-to-eight, the study’s key findings include a taxonomy of the six main types of SGI. Passive SGI viewing is very pervasive, particularly among the key demographic groups of younger adults, Lesbian Gay Bisexual Transgender (LGBT) and males, and may be becoming the norm. Free PornTube websites are predominately used; but also, increasingly, social network sites (SNS’s) and messaging/image sharing apps. Most adults use SGI’s safely for sexual stimulation; however, some use them for educational and humorous purposes. For a minority of active creators of SGI’s, disastrous personal consequences can result because of subsequent criminal abuse, including cyber-bullying/trolling, sextortion, etc. Gay and bisexual men have highly accelerated rates of SGI use on hooking-up sites, often leading to hazardous risk taking. Children face grave dangers from making and sharing sexualised SGI’s as online child sexual abuse (CSA), grooming and sextortion, etc. may transpire. In the UK’s schools, Personal, Social and Health Education (PSHE), and Sex and Relationships Education (SRE), are in a parlous state regarding the issues and dangers of SGI’s. Finally, this inquiry provides some original insights into the areas of applying and generating theories, using mixed research methods, and the empirical findings uncovered

Emerging Technologies

This monograph investigates a multitude of emerging technologies including 3D printing, 5G, blockchain, and many more to assess their potential for use to further humanity’s shared goal of sustainable development. Through case studies detailing how these technologies are already being used at companies worldwide, author Sinan Küfeoğlu explores how emerging technologies can be used to enhance progress toward each of the seventeen United Nations Sustainable Development Goals and to guarantee economic growth even in the face of challenges such as climate change. To assemble this book, the author explored the business models of 650 companies in order to demonstrate how innovations can be converted into value to support sustainable development. To ensure practical application, only technologies currently on the market and in use actual companies were investigated. This volume will be of great use to academics, policymakers, innovators at the forefront of green business, and anyone else who is interested in novel and innovative business models and how they could help to achieve the Sustainable Development Goals. This is an open access book

Governança multisetorial e o processo de governança da internet : um estudo de caso sobre crime cibernético e filtragem na internet entre 1990 e 2010

Tese (doutorado)—Universidade de Brasília, Instituto de Relações Internacionais, 2012.Texto em inglês, com os elementos pré-textuais, introdução e conclusão em português.Com o desenvolvimento do código HTML e do primeiro browser no começo dos anos 90, a internet deixou de ser uma rede acessada somente por um grupo relativamente pequeno de pessoas distribuídas por alguns países. A partir do momento em que houve a comercialização da internet, um número crescente de pessoas e atores começou a utilizar esse meio de forma a desenvolver suas próprias visões, ideias e interesses. O que começou como uma rede fundamentalmente usada por programadores e acadêmicos com o objetivo de criar acesso rápido a informações independentes da localização física do usuário se tranformou em uma rede de negócios, um meio de divulgação de direitos básicos, um fórum para qualquer tipo de informação, mas também um espaço para atividades mal intencionadas, crime cibernético ou ataques virtuais. Face a essa alta quantidade de problemas e oportunidades, um grande número de atores do setor público, do setor privado e da sociedade civil criou um novo fenômeno chamado governança de internet, baseado no conceito multi-setorial. A institucionalização desse processo aconteceu quando, em 2005, foi criado o Fórum de Governança de Internet pela Organização das Nações Unidas. Esta tese busca analisar o processo que criou o ambiente multi-setorial da governança de internet com foco nos dois fenômenos de crime cibernético e filtragem da internet. _______________________________________________________________________________________ ABSTRACTWith the development of HTML and the first browser in the beginning of the 1990s, the Internet was no longer a network exclusively for a relatively small group of individuals in a number of countries. With the commercialization of the Internet a growing number of individuals and actors started using this means to develop and follow their own visions, ideas and interests. What had started as a network basically used by programmers and scientists aiming at creating fast access to information independently of the physical location of the user, turned into a business network, a place to divulge basic rights, a forum for any kind of information but also a place for malicious activities, cybercrime, and virtual attacks. Given the high quantity of problems and opportunities a large number of actors from the public sector, the private sector and civil society developed a new phenomenon called Internet governance, based on a multi-stakeholder approach. The institutionalization of this process happened in 2005 when the United Nations Internet Governance Forum was set up. This thesis is analysing the process that built the multi-stakeholder Internet governance environment, with a focus on the two phenomenons cybercrime and Internet filtering

Multidisciplinary perspectives on Artificial Intelligence and the law

This open access book presents an interdisciplinary, multi-authored, edited collection of chapters on Artificial Intelligence (‘AI’) and the Law. AI technology has come to play a central role in the modern data economy. Through a combination of increased computing power, the growing availability of data and the advancement of algorithms, AI has now become an umbrella term for some of the most transformational technological breakthroughs of this age. The importance of AI stems from both the opportunities that it offers and the challenges that it entails. While AI applications hold the promise of economic growth and efficiency gains, they also create significant risks and uncertainty. The potential and perils of AI have thus come to dominate modern discussions of technology and ethics – and although AI was initially allowed to largely develop without guidelines or rules, few would deny that the law is set to play a fundamental role in shaping the future of AI. As the debate over AI is far from over, the need for rigorous analysis has never been greater. This book thus brings together contributors from different fields and backgrounds to explore how the law might provide answers to some of the most pressing questions raised by AI. An outcome of the Católica Research Centre for the Future of Law and its interdisciplinary working group on Law and Artificial Intelligence, it includes contributions by leading scholars in the fields of technology, ethics and the law.info:eu-repo/semantics/publishedVersio

Using MapReduce Streaming for Distributed Life Simulation on the Cloud

Distributed software simulations are indispensable in the study of large-scale life models but often require the use of technically complex lower-level distributed computing frameworks, such as MPI. We propose to overcome the complexity challenge by applying the emerging MapReduce (MR) model to distributed life simulations and by running such simulations on the cloud. Technically, we design optimized MR streaming algorithms for discrete and continuous versions of Conway’s life according to a general MR streaming pattern. We chose life because it is simple enough as a testbed for MR’s applicability to a-life simulations and general enough to make our results applicable to various lattice-based a-life models. We implement and empirically evaluate our algorithms’ performance on Amazon’s Elastic MR cloud. Our experiments demonstrate that a single MR optimization technique called strip partitioning can reduce the execution time of continuous life simulations by 64%. To the best of our knowledge, we are the first to propose and evaluate MR streaming algorithms for lattice-based simulations. Our algorithms can serve as prototypes in the development of novel MR simulation algorithms for large-scale lattice-based a-life models.https://digitalcommons.chapman.edu/scs_books/1014/thumbnail.jp