Implementing Provable Security and Group Key Agreement for Conbe Scheme

encoding is used during a communication system to secure data within the transmitted messages from anyone apart from the well intended receiver. To perform the encryption and decryption the transmitter and receiver should have matching encoding and decryption keys. For causing safeguard data to group required broadcast encoding (BE). BE permits a sender to securely broadcast to any set of members and need a trusted party to distribute decryption keys. Group key agreement (GKA) protocol permits variety of users to determine a common secret channel via open networks. Observing that a significant goal of GKA for many applications is to make a confidential channel among group members, however a sender cannot omit any explicit member from decrypting the cipher texts. By bridging BE and GKA notion with a hybrid primitive said as contributory broadcast encoding (CBE). With these primitives, a bunch of members move through a standard public encoding key whereas every member having their secret writing key; A sender seeing the general public cluster encoding key will limit the secret writing to set of members of sender‘s selection. An easy way to generate these keys is to use the general public key distribution system invented by Diffie and Hellman. That system, however, pass only 1 combine of communication stations to share a specific combine of encoding and secret writing keys. Key distribution sets are used to generate keys and Elliptic Curve Cryptography (ECC) is used for the encoding and decryption of documents; and this tends to give the protection for the documents over group communication

A Survey on Security Threats and Countermeasures in IEEE Test Standards

International audienceEditor's note: Test infrastructure has been shown to be a portal for hackers. This article reviews the threats and countermeasures for IEEE test infrastructure standards

A Decentralized Personal Data Store based on Ethereum: Towards GDPR Compliance

Sharing personal data with service providers is a fundamental resource for the times we live in. But data sharing represents an unavoidable issue, due to improper data treatment, lack of users\u27 awareness to whom they are sharing with, wrong or excessive data sharing from end users who ignore they are exposing personal information. The problem becomes even more complicate if we try to consider the devices around us: how to share devices we own, so that we can receive pervasive services, based on our contexts and device functionalities. The European Authority has provided the General Data Protection Regulation (GDPR), in order to implement protection of sensitive data in each EU member, throughout certification mechanisms (according to Art. 42 GDPR). The certification assures compliance to the regulation, which represent a mandatory requirement for any service which may come in contact with sensitive data. Still the certification is an open process and not constrained by strict rule. In this paper we describe our decentralized approach in sharing personal data in the era of smart devices, being those considered sensitive data as well. Having in mind the centrality of users in the ownership of the data, we have proposed a decentralized Personal Data Store prototype, which stands as a unique data sharing endpoint for third party services. Even if blockchain technologies may seem fit to solve the issue of data protection, because of the absence of a central authority, they lay to additional concerns especially relating such technologies with specifications described in the regulation. The current work offers a contribution in the advancements of personal data sharing management systems in a distributed environment by presenting a real prototype and an architectural blueprint, which advances the state of the art in order to meet the GDPR regulation. Address those arisen issues, from a technological perspective, stands as an important challenge, in order to empower end users in owning their personal data for real

Malicious Digital Penetration of United States Weaponized Military Unmanned Aerial Vehicle Systems: A National Security Perspective Concerning the Complexity of Military UAVs and Hacking

The United States’ (US) military unmanned aerial vehicle (UAV) has seen increased usage under the post 9/11 military engagements in the Middle East, Afghanistan, and within American borders. However, the very digital networks controlling these aircrafts are now enduring malicious intrusions (hacking) by America’s enemies. . The digital intrusions serve as a presage over the very digital networks the US relies upon to safeguard its national security and interests and domestic territory. The complexity surrounding the hacking of US military UAVs appears to be increasing, given the advancements in digital networks and the seemingly inauspicious nature of artificial intelligence and autonomous systems. Being most victimized by malicious digital intrusions, the US continues its military components towards growing dependence upon digital networks in advancing warfare and national security and interests. Thus, America’s netcentric warfare perspectives may perpetuate a chaotic environment where the use of military force is the sole means of safeguarding its digital networks

Multimedia

The nowadays ubiquitous and effortless digital data capture and processing capabilities offered by the majority of devices, lead to an unprecedented penetration of multimedia content in our everyday life. To make the most of this phenomenon, the rapidly increasing volume and usage of digitised content requires constant re-evaluation and adaptation of multimedia methodologies, in order to meet the relentless change of requirements from both the user and system perspectives. Advances in Multimedia provides readers with an overview of the ever-growing field of multimedia by bringing together various research studies and surveys from different subfields that point out such important aspects. Some of the main topics that this book deals with include: multimedia management in peer-to-peer structures & wireless networks, security characteristics in multimedia, semantic gap bridging for multimedia content and novel multimedia applications

Ethereum Smart Contracts for Educational Certificates

Since blockchains started making its steps for recognition to the world, it began achieving new forms of entries in the daily life, a simple example is the way society trade with virtual coins - cryptocurrency. By this definition, the education fields can take advantage of this flexible system to ensure the recognition’s work of the scholar. With the ability of students getting credit for the knowledge that happens anywhere, not just in schools or formal classes, to be certificated in the blockchain so it answers all sorts of manners of availability and validation. This work is prompted to demonstrate how the smart contracts transactions can be used in learning areas, to historically maintain educational certified documents on the blockchain. In such way, the investigation of the Ethereum’s blockchain is taken into consideration, to obtain an essential overview of the functionalities that allow to create a prototype, for the certificate management between entities.Desde que os blockchains começaram a tomar os seus passos no reconhecimento mundial, foi possível contrastar novas mudanças na vida diária, um exemplo simples é a forma como a sociedade troca valores com moedas virtuais - cryptocurrency. Por essa afirmação, áreas da educação podem aproveitar esse sistema flexível para garantir o reconhecimento do trabalho acadêmico do aluno. Com a capacidade de os alunos obterem reconhecimento pela aprendizagem que se sucede em qualquer lugar, não apenas nas escolas ou nas aulas, de modo a que seja assegurado no blockchain, comprovando vários tipos de disponibilidade e validação. Este trabalho demonstra como as transações de smart contracts podem ser usadas nas áreas da educação, mantendo historicamente os documentos certificados no blockchain. Desta forma, a investigação do blockchain do Ethereum tida em consideração, para obter uma visão essencial das funcionalidades que permitem desenvolver um protótipo, para a gestão dos certificados entre as entidades

Using Covert Means to Establish Cybercraft Command and Control

With the increase in speed and availability of computers, our nation\u27s computer and information systems are being attacked with increased sophistication. The Air Force Research Laboratory (AFRL) Information Directorate (RI) is researching a next generation network defense architecture, called Cybercraft, that provides automated and trusted cyber defense capabilities for AF network assets. This research we consider the issues to protect or obfuscate command and control aspects of Cybercraft. In particular, we present a methodology to hide aspects of Cybercraft platform initialization in context to formation of hierarchical, peer-to-peer groups that collectively form the Cybercraft network. Because malicious code networks (known as botnets) currently manifest many properties of obfuscating command and control sequencing, we evaluate and consider our proposed methodology in light of leading bot detection algorithms. This research subjects Bothunter to a series of tests to validate these claims. We use a leading bot detection utility, Bothunter, and an ARP validation tool, XArp, to build a case for the effectiveness of our approach. We present three scenarios that correlate to how we believe Cybercraft platforms integrate in the future and consider stealthiness in terms of these representative tools. Our research gives emphasis on measurable hiding related to the Cybercraft initialization sequence, and we show how common network protocols such as ARP, HTTP, and DNS may be modified to carry C2 commands while evading common detection methods found in current tools

Business on Chain: A Comparative Case Study of Five Blockchain-Inspired Business Models

Blockchain technology, despite its origins as the underlying infrastructure for value transfer in the era of cryptocurrency, has been touted as the main disruptive force in modern businesses. Blockchain has the capacity to chronologically capture and store transactional data in a standardized and tamper-proof format that is transparent to all stakeholders involved in the transaction. This, in turn, has prompted companies to rethink preexisting business practices, thereby yielding a myriad of fascinating business models anchored in blockchain technology. In this study, we advance contemporary knowledge of business applications of blockchain by drawing on the theoretical lens of the digital business model and value configuration to decipher how pioneers in this space are leveraging blockchain to create and capture value. Through a comparative, multiple case study approach, we analyzed five companies in mainland China that have rolled out blockchain initiatives. From our case analyses, we derived a typology of five blockchain-inspired business models, each of which embodies a distinctive logic for market differentiation. For each business model, we offer insights into its value creation logic, its value capturing mechanism, and the challenges that could threaten its longer-term viability. Grounded in our findings, we discuss key implications for theory and practice

Securing mHealth - Investigating the development of a novel information security framework

The deployment of Mobile Health (mHealth) platforms as well as the use of mobile and wireless technologies have significant potential to transform healthcare services. The use of mHealth technologies allow a real-time remote monitoring as well as direct access to healthcare data so that users (e.g., patients and healthcare professionals) can utilise mHealth services anywhere and anytime. Generally, mHealth offers smart solutions to tackle challenges in healthcare. However, there are still various issues regarding the development of the mHealth system. One of the most common diffi-culties in developing the mHealth system is the security of healthcare data. mHealth systems are still vulnerable to numerous security issues with regard to their weak-nesses in design and data management. Several information security frameworks for mHealth devices as well as information security frameworks for Cloud storage have been proposed, however, the major challenge is developing an effective information se-curity framework that will encompass every component of an mHealth system to secure sensitive healthcare data. This research investigates how healthcare data is managed in mHealth systems and proposes a new information security framework that secures mHealth systems. Moreover, a prototype is developed for the purpose of testing the proposed information security framework. Firstly, risk identification is carried out to determine what could happen to cause potential damage and to gain insight into how, where, and why the damage might happen. The process of risk identification includes the identification of assets those need to be protected, threats that we try to protect against, and vulnerabilities that are weaknesses in mHealth systems. Afterward, a detailed analysis of the entire mHealth domain is undertaken to determine domain-specific features and a taxonomy for mHealth, from which a set of the most essential security requirements is identified to develop a new information security framework. It then examines existing information security frameworks for mHealth devices and the Cloud, noting similarities and differences. Key mechanisms to implement the new framework are discussed and the new framework is then presented. Furthermore, a prototype is developed for the purpose of testing. It consists of four layers including an mHealth secure storage system, Capability system, Secure transactional layer, and Service management layer. Capability system, Secure transactional layer, and Service management layer are developed as main contributions of the research

Combined Fault Injection and Real-Time Side-Channel Analysis for Android Secure-Boot Bypassing

The Secure-Boot is a critical security feature in modern devices based on System-on-Chips (SoC). It ensures the authenticity and integrity of the code before its execution, avoiding the SoC to run malicious code. To the best of our knowledge, this paper presents the first bypass of an Android Secure-Boot by using an Electromagnetic Fault Injection (EMFI). Two hardware characterization methods are combined to conduct this experiment. A real-time Side-Channel Analysis (SCA) is used to synchronize an EMFI during the Linux Kernel authentication step of the Android Secure-Boot of a smartphone-grade SoC. This new synchronization method is called Synchronization by Frequency Detection (SFD). It is based on the detection of the activation of a characteristic frequency in the target electromagnetic emanations. In this work we present a proof-of-concept of this new triggering method. By triggering the attack upon the activation of this characteristic frequency, we successfully bypassed this security feature, effectively running Android OS with a compromised Linux Kernel with one success every 15 minutes