Blockchain-Based E-Certificate Verification and Validation Automation Architecture to Avoid Counterfeiting of Digital Assets in Order to Accelerate Digital Transformation

The security and confidentiality of data are very important for institutions. Meanwhile, data fabrication or falsification of official documents is still common. Validation of the authenticity of documents such as certificates becomes a challenge for various parties, especially those who have to make decisions based on the validity of the document. Scanning-based signatures on printed and digital documents are still relatively easy to counterfeit and yet still difficult to distinguish from the original. The traditional approach is no longer reliable. Solutions to these problems require the existence of data security techniques, seamless online verification of the authenticity of printed documents, and e-certificates quickly. The objective of the study is to model the e-certificate verification process via blockchain and proof-of-stake consensus methods and use MD5 encryption. The data or identity listed on the e-certificate is secured with an embedded digital signature in the form of a QR code and can be checked for the truth online. A combination of technologies capable of suppressing or removing counterfeiting of digital assets will accelerate digital transformation across spectrums of modern life. The resulting architectural model can be used as a starting point for implementing a blockchain-based e-certificate verification and validation automation system

On-device Security and Privacy Mechanisms for Resource-limited Devices: A Bottom-up Approach

This doctoral dissertation introduces novel mechanisms to provide on-device security and privacy for resource-limited smart devices and their applications. These mechanisms aim to cover five fundamental contributions in the emerging Cyber-Physical Systems (CPS), Internet of Things (IoT), and Industrial IoT (IIoT) fields. First, we present a host-based fingerprinting solution for device identification that is complementary to other security services like device authentication and access control. Then, we design a kernel- and user-level detection framework that aims to discover compromised resource-limited devices based on behavioral analysis. Further we apply dynamic analysis of smart devices’ applications to uncover security and privacy risks in real-time. Then, we describe a solution to enable digital forensics analysis on data extracted from interconnected resource-limited devices that form a smart environment. Finally, we offer to researchers from industry and academia a collection of benchmark solutions for the evaluation of the discussed security mechanisms on different smart domains. For each contribution, this dissertation comprises specific novel tools and techniques that can be applied either independently or combined to enable a broader security services for the CPS, IoT, and IIoT domains

Doing Business in Poland: Legal Aspects of Doing Business in Poland

[Excerpt] The transformation of Poland\u27s economy from a centrally planned to a modern market economy continues apace. Successive governments have re-affirmed their commitment to privatization and the liberalization of the economy with the aim of encouraging private enterprise and attracting foreign investment. The Association Agreement with the European Union, which came into force in February 1994, and the acceptance by the member states of the Treaty of Nice, were important steps towards Poland\u27s goal of full EU membership. In a referendum held on June 7 and 8, 2003, Poland voted in favour of joining the EU. Poland gained full EU membership on 1 May 2004. Poland is beginning to tap international capital markets. Against this background there has been, and continues to be, rapid legislative development. It is vitally important for the investor to keep abreast of new legislation. What follows is a brief guide to the more important legal issues likely to be relevant to the foreign investor

A Hierarchical and Location-aware Consensus Protocol for IoT-Blockchain Applications

Blockchain-based IoT systems can manage IoT devices and achieve a high level of data integrity, security, and provenance. However, incorporating existing consensus protocols in many IoT systems limits scalability and leads to high computational cost and consensus latency. In addition, location-centric characteristics of many IoT applications paired with limited storage and computing power of IoT devices bring about more limitations, primarily due to the location-agnostic designs in blockchains. We propose a hierarchical and location-aware consensus protocol (LH-Raft) for IoT-blockchain applications inspired by the original Raft protocol to address these limitations. The proposed LH-Raft protocol forms local consensus candidate groups based on nodes' reputation and distance to elect the leaders in each sub-layer blockchain. It utilizes a threshold signature scheme to reach global consensus and the local and global log replication to maintain consistency for blockchain transactions. To evaluate the performance of LH-Raft, we first conduct an extensive numerical analysis based on the proposed reputation mechanism and the candidate group formation model. We then compare the performance of LH-Raft against the classical Raft protocol from both theoretical and experimental perspectives. We evaluate the proposed threshold signature scheme using Hyperledger Ursa cryptography library to measure various consensus nodes' signing and verification time. Experimental results show that the proposed LH-Raft protocol is scalable for large IoT applications and significantly reduces the communication cost, consensus latency, and agreement time for consensus processing.Comment: Published in IEEE Transactions on Network and Service Management ( Volume: 19, Issue: 3, September 2022). arXiv admin note: text overlap with arXiv:2305.1696

Demystifying Internet of Things Security

Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides and overview of different security solutions What You'll Learn Secure devices, immunizing them against different threats originating from inside and outside the network Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth Who This Book Is For Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms

NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT

This paper takes a comprehensive view on the protocol stacks that are under debate for a future Internet of Things (IoT). It addresses the holistic question of which solution is beneficial for common IoT use cases. We deploy NDN and the two popular IP-based application protocols, CoAP and MQTT, in its different variants on a large-scale IoT testbed in single- and multi-hop scenarios. We analyze the use cases of scheduled periodic and unscheduled traffic under varying loads. Our findings indicate that (a) NDN admits the most resource-friendly deployment on nodes, and (b) shows superior robustness and resilience in multi-hop scenarios, while (c) the IP protocols operate at less overhead and higher speed in single-hop deployments. Most strikingly we find that NDN-based protocols are in significantly better flow balance than the UDP-based IP protocols and require less corrective actions

Systematic specification of requirements for assembly process control system in the pharmaceutical industry

Abstract. Pharmaceutical manufacturing is one of the most strictly regulated fields in the world. Manufacturers of pharmaceutical products are juridically obliged to monitor the safety and quality of products. Any defects and manufacturing errors affecting the product are demanded to be traceable due to patient safety. Regulative bodies have set strict demands for data integrity in manufacturing records. The main objective of this thesis is to evaluate whether the proposed supervisory control and data acquisition software can adhere to current prevailing regulatory framework. The evaluation of the proposed supervisory control and data acquisition software focuses on handling of electronic records and electronic signatures. Features like user management, alarm and event management, reporting, and locally set requirements in the target company are investigated and reflected to the prevailing regulations concerning data integrity. The results showed that the proposed software is, when properly configured, compliant to prevailing regulations regarding electronic records and electronic signatures. In addition, the proposed software is capable of the requirements set by the target company.Systemaattinen vaatimusmäärittely kokoonpanoprosessin ohjausjärjestelmälle lääketeollisuudessa. Tiivistelmä. Valmistava lääketeollisuus on yksi maailman eniten säädellyin teollisuuden ala. Lääkinnällisten tuotteiden valmistaja on lainmukaisesti vastuussa tuotteidensa laadusta ja valmistuksen valvomisesta. Tuotteiden laatu- ja valmistusvirheiden vaaditaan olevan jäljitettävissä potilasturvallisuuden vuoksi. Sääntelyviranomaiset ovat asettaneet tiukat vaatimukset tuotantokoneiden elektronisille tallenteille. Tämän diplomityön tavoitteena on arvioida noudattaako ehdotettu ohjausjärjestelmä nykyisiä säädöksiä. Ohjausjärjestelmän arviointi keskittyy eletronisten tallenteiden ja elektronisten allekirjoitusten toteutukseen ohjelmassa. Arvioinnin perustana käytetään sääntelyviranomaisten viimeisimpiä säädöksiä. Arviointi kohdistuu ohjelmiston käyttähallintaan, hälytys- ja tapahtumahallintaan, raportointiin ja paikallisesti asetettuihin vaatimuksiin tiedon eheyden näkökulmasta. Arviointi osoitti, että oikein konfiguroituna ehdotettu ohjausjärjestelmä noudattaa nykyisiä säännöksiä elektronisten tallenteiden ja elektronisten allekirjoitusten osalta. Ohjelmisto pystyy myös vastaamaan yrityksen paikallisesti asetettuihin vaatimuksiin. Ohjelmistoa voi kuitenkin käyttää vastoin nykyisiä sääntelyviranomaisten laatimia säädöksiä ilman riittävää asiantuntevuutta

Standards and practices necessary to implement a successful security review program for intrusion management systems

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2002Includes bibliographical references (leaves: 84-85)Text in English; Abstract: Turkish and Englishviii, 91 leavesIntrusion Management Systems are being used to prevent the information systems from successful intrusions and their consequences. They also have detection features. They try to detect intrusions, which have passed the implemented measures. Also the recovery of the system after a successful intrusion is made by the Intrusion Management Systems. The investigation of the intrusion is made by Intrusion Management Systems also. These functions can be existent in an intrusion management system model, which has a four layers architecture. The layers of the model are avoidance, assurance, detection and recovery. At the avoidance layer necessary policies, standards and practices are implemented to prevent the information system from successful intrusions. At the avoidance layer, the effectiveness of implemented measures are measured by some test and reviews. At the detection layer the identification of an intrusion or intrusion attempt is made in the real time. The recovery layer is responsible from restoring the information system after a successful intrusion. It has also functions to investigate the intrusion. Intrusion Management Systems are used to protect information and computer assets from intrusions. An organization aiming to protect its assets must use such a system. After the implementation of the system, continuous reviews must be conducted in order to ensure the effectiveness of the measures taken. Such a review can achieve its goal by using principles and standards. In this thesis, the principles necessary to implement a successful review program for Intrusion Management Systems have been developed in the guidance of Generally Accepted System Security Principles (GASSP). These example principles are developed for tools of each Intrusion Management System layer. These tools are firewalls for avoidance layer, vulnerability scanners for assurance layer, intrusion detection systems for detection layer and integrity checkers for recovery layer of Intrusion Management Systems

D2Gen: A Decentralized Device Genome Based Integrity Verification Mechanism for Collaborative Intrusion Detection Systems

Collaborative Intrusion Detection Systems are considered an effective defense mechanism for large, intricate, and multilayered Industrial Internet of Things against many cyberattacks. However, while a Collaborative Intrusion Detection System successfully detects and prevents various attacks, it is possible that an inside attacker performs a malicious act and compromises an Intrusion Detection System node. A compromised node can inflict considerable damage on the whole collaborative network. For instance, when a malicious node gives a false alert of an attack, the other nodes will unnecessarily increase their security and close all of their services, thus, degrading the system’s performance. On the contrary, if the spurious node approves malicious traffic into the system, the other nodes would also be compromised. Therefore, to detect a compromised node in the network, this article introduces a device integrity check mechanism based on “Digital Genome.” In medical science, a genome refers to a set that contains all of the information needed to build and maintain an organism. Based on the same concept, the digital genome is computed over a device’s vital hardware, software, and other components. Hence, if an attacker makes any change in a node’s hardware and software components, the digital genome will change, and the compromised node will be easily detected. It is envisaged that the proposed integrity attestation protocol can be used in diverse Internet of Things and other information technology applications to ensure the legitimate operation of end devices. This study also proffers a comprehensive security and performance analysis of the proposed framework