1,313 research outputs found
Security of 5G-V2X: Technologies, Standardization and Research Directions
Cellular-Vehicle to Everything (C-V2X) aims at resolving issues pertaining to
the traditional usability of Vehicle to Infrastructure (V2I) and Vehicle to
Vehicle (V2V) networking. Specifically, C-V2X lowers the number of entities
involved in vehicular communications and allows the inclusion of
cellular-security solutions to be applied to V2X. For this, the evolvement of
LTE-V2X is revolutionary, but it fails to handle the demands of high
throughput, ultra-high reliability, and ultra-low latency alongside its
security mechanisms. To counter this, 5G-V2X is considered as an integral
solution, which not only resolves the issues related to LTE-V2X but also
provides a function-based network setup. Several reports have been given for
the security of 5G, but none of them primarily focuses on the security of
5G-V2X. This article provides a detailed overview of 5G-V2X with a
security-based comparison to LTE-V2X. A novel Security Reflex Function
(SRF)-based architecture is proposed and several research challenges are
presented related to the security of 5G-V2X. Furthermore, the article lays out
requirements of Ultra-Dense and Ultra-Secure (UD-US) transmissions necessary
for 5G-V2X.
Comment: 9 pages, 6 figures, Preprin
The Android Platform Security Model
Android is the most widely deployed end-user focused operating system. With
its growing set of use cases encompassing communication, navigation, media
consumption, entertainment, finance, health, and access to sensors, actuators,
cameras, or microphones, its underlying security model needs to address a host
of practical threats in a wide variety of scenarios while being useful to
non-security experts. The model needs to strike a difficult balance between
security, privacy, and usability for end users, assurances for app developers,
and system performance under tight hardware constraints. While many of the
underlying design principles have implicitly informed the overall system
architecture, access control mechanisms, and mitigation techniques, the Android
security model has previously not been formally published. This paper aims to
both document the abstract model and discuss its implications. Based on a
definition of the threat model and Android ecosystem context in which it
operates, we analyze how the different security measures in past and current
Android implementations work together to mitigate these threats. There are some
special cases in applying the security model, and we discuss such deliberate
deviations from the abstract model
Citizen Electronic Identities using TPM 2.0
Electronic Identification (eID) is becoming commonplace in several European
countries. eID is typically used to authenticate to government e-services, but
is also used for other services, such as public transit, e-banking, and
physical security access control. Typical eID tokens take the form of physical
smart cards, but successes in merging eID into phone operator SIM cards show
that eID tokens integrated into a personal device can offer better usability
compared to standalone tokens. At the same time, trusted hardware that enables
secure storage and isolated processing of sensitive data has become
commonplace both on PC platforms as well as mobile devices.
Some time ago, the Trusted Computing Group (TCG) released version 2.0 of
the Trusted Platform Module (TPM) specification. We propose an eID architecture
based on the new, rich authorization model introduced in the TCG's TPM 2.0. The
goal of the design is to improve the overall security and usability compared to
traditional smart card-based solutions. We also provide, to the best of our
knowledge, the first accessible description of the TPM 2.0 authorization model.
Comment: This work is based on an earlier work: Citizen Electronic Identities
using TPM 2.0, to appear in the Proceedings of the 4th international workshop
on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale,
Arizona, USA, http://dx.doi.org/10.1145/2666141.266614
Security Monitoring in Production Areas
Master's theses, Information Security, 2022, Universidade de Lisboa, Faculdade de Ciências
Since the late 1960s, a different set of technologies has been designed and implemented in parallel to assist
in automating industrial and manufacturing processes. These systems, created parallel to IT (Information
Technologies), became known as OT (Operational Technologies).
Unlike IT technologies, these were developed with a different set of requirements. With a focus
on resilience to adverse environmental conditions – such as temperature, humidity, and electromagnetic
interference – and a need for high availability and near-real-time performance, these technologies took a
back seat to other requirements, such as information integrity and confidentiality. However, the need to
automate processes has developed. Today, it is not only industrial areas – such as heavy manufacturing,
oil and gas industries, electrical networks, water distribution processes, or sewage treatment – that need
to increase their efficiency. The production areas of a manufacturing company also benefit from these
two types of technologies – IT and OT. Furthermore, it is on the shop floor – i.e., in a production area –
that the two meet and merge and interconnect the two networks to become a blended system.
Often the requirements for the operation of one technology are the weak point of the other. A good
example is an increasing need for IT devices to connect to the Internet. On the other hand, OT devices that
often have inherent difficulty with authentication and authorization processes are exposed to untrusted
networks.
In recent years, and aggravated by the socio-political changes in the world, incidents in industrial
and production areas have become larger and more frequent. As the impact of incidents in these areas
has the potential to be immense, companies and government organizations are increasingly willing to
implement measures to defend them. For information security, this is fertile ground for developing new
methodologies or experimenting and validating existing ones.
This master’s work aims to apply a threat model in the context of a production area, thus obtaining
a set of the most relevant threats. With the starting point of these threats, the applicability and value of
two security monitoring solutions for production areas will be analyzed.
In this dissertation’s first part, and after reviewing the state of the art with the result of identifying the
most mentioned security measures for industrial and manufacturing areas, a contextualization of what a
production area is will be performed, followed by an example based on what was observed in the course
of this work. After giving this background, a threat model will be created using a STRIDE methodology
for identifying and classifying potential threats and using the DREAD methodology for risk assessment.
The presentation of an attack tree will show how the identified threats can be linked to achieving the goal
of disrupting a production area. After this, a study will be made on which security measures mentioned
initially best mitigate the threats identified.
In the final part, the two solutions will be analyzed with the functionalities of detecting connected
devices and their vulnerabilities and monitoring and identifying security events using network traffic
observed in an actual production area. This observation aims to verify the practical value of these tools
in mitigating the threats mentioned above.
During this work, a set of lessons learned were identified, which are presented as recommendations
in a separate chapter
Engineering design knowledge management in de-centralised virtual enterprises
The problems of collaborative engineering design and knowledge management at the conceptual stage in a network of dissimilar enterprises were investigated. This issue in engineering design is a result of the supply chain and virtual enterprise (VE) oriented industry that demands faster time to market and accurate cost/manufacturing analysis from conception. The solution consisted of a de-centralised super-peer net architecture to establish and maintain communications between enterprises in a VE. In the solution outlined below, the enterprises are able to share knowledge in a common format and nomenclature via the building-block shareable super-ontology that can be tailored on a project by project basis, whilst maintaining the common nomenclature of the ‘super-ontology’ eliminating knowledge interpretation issues. The two-tier architecture layout of the solution glues together the peer-peer and super-ontologies to form a coherent system for both internal and virtual enterprise knowledge management and product development
Upgrading and enhancing the LHC logging system
Internship carried out at CERN, Switzerland, and supervised by Eng. Ronny Billen and Chris Roderick.
Integrated master's thesis. Informatics and Computing Engineering. Faculdade de Engenharia. Universidade do Porto. 200