A Design Approach to IoT Endpoint Security for Production Machinery Monitoring

The Internet of Things (IoT) has significant potential in upgrading legacy production machinery with monitoring capabilities to unlock new capabilities and bring economic benefits. However, the introduction of IoT at the shop floor layer exposes it to additional security risks with potentially significant adverse operational impact. This article addresses such fundamental new risks at their root by introducing a novel endpoint security-by-design approach. The approach is implemented on a widely applicable production-machinery-monitoring application by introducing real-time adaptation features for IoT device security through subsystem isolation and a dedicated lightweight authentication protocol. This paper establishes a novel viewpoint for the understanding of IoT endpoint security risks and relevant mitigation strategies and opens a new space of risk-averse designs that enable IoT benefits, while shielding operational integrity in industrial environments

The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident

Late in 2005, Sony BMG released millions of Compact Discs containing digital rights management technologies that threatened the security of its customers\u27 computers and the integrity of the information infrastructure more broadly. This Article aims to identify the market, technological, and legal factors that appear to have led a presumably rational actor toward a strategy that in retrospect appears obviously and fundamentally misguided. The Article first addresses the market-based rationales that likely influenced Sony BMG\u27s deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG\u27s internal strategizing demonstrates a failure to adequately value security and privacy. After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG\u27s decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public. The Article concludes with two recommendations aimed at reducing the likelihood of companies deploying protection measures with known security vulnerabilities in the consumer marketplace. First, Congress should alter the Digital Millennium Copyright Act (DMCA) by creating permanent exemptions from its anti-circumvention and antitrafficking provisions that enable security research and the dissemination of tools to remove harmful protection measures. Second, the Federal Trade Commission should leverage insights from the field of human computer interaction security (HCI-Sec) to develop a stronger framework for user control over the security and privacy aspects of computers

The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident

Late in 2005, Sony BMG released millions of Compact Discs containing digital rights management technologies that threatened the security of its customers\u27 computers and the integrity of the information infrastructure more broadly. This Article aims to identify the market, technological, and legal factors that appear to have led a presumably rational actor toward a strategy that in retrospect appears obviously and fundamentally misguided. The Article first addresses the market-based rationales that likely influenced Sony BMG\u27s deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG\u27s internal strategizing demonstrates a failure to adequately value security and privacy. After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG\u27s decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public. The Article concludes with two recommendations aimed at reducing the likelihood of companies deploying protection measures with known security vulnerabilities in the consumer marketplace. First, Congress should alter the Digital Millennium Copyright Act (DMCA) by creating permanent exemptions from its anti-circumvention and antitrafficking provisions that enable security research and the dissemination of tools to remove harmful protection measures. Second, the Federal Trade Commission should leverage insights from the field of human computer interaction security (HCI-Sec) to develop a stronger framework for user control over the security and privacy aspects of computers

The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident

Late in 2005, Sony BMG released millions of Compact Discs containing digital rights management technologies that threatened the security of its customers\u27 computers and the integrity of the information infrastructure more broadly. This Article aims to identify the market, technological, and legal factors that appear to have led a presumably rational actor toward a strategy that in retrospect appears obviously and fundamentally misguided. The Article first addresses the market-based rationales that likely influenced Sony BMG\u27s deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG\u27s internal strategizing demonstrates a failure to adequately value security and privacy. After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG\u27s decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public. The Article concludes with two recommendations aimed at reducing the likelihood of companies deploying protection measures with known security vulnerabilities in the consumer marketplace. First, Congress should alter the Digital Millennium Copyright Act (DMCA) by creating permanent exemptions from its anti-circumvention and antitrafficking provisions that enable security research and the dissemination of tools to remove harmful protection measures. Second, the Federal Trade Commission should leverage insights from the field of human computer interaction security (HCI-Sec) to develop a stronger framework for user control over the security and privacy aspects of computers

Efficiency and Sustainability of the Distributed Renewable Hybrid Power Systems Based on the Energy Internet, Blockchain Technology and Smart Contracts-Volume II

The climate changes that are becoming visible today are a challenge for the global research community. In this context, renewable energy sources, fuel cell systems, and other energy generating sources must be optimally combined and connected to the grid system using advanced energy transaction methods. As this reprint presents the latest solutions in the implementation of fuel cell and renewable energy in mobile and stationary applications, such as hybrid and microgrid power systems based on the Energy Internet, Blockchain technology, and smart contracts, we hope that they will be of interest to readers working in the related fields mentioned above

Real-Time Sensor Networks and Systems for the Industrial IoT

The Industrial Internet of Things (Industrial IoT—IIoT) has emerged as the core construct behind the various cyber-physical systems constituting a principal dimension of the fourth Industrial Revolution. While initially born as the concept behind specific industrial applications of generic IoT technologies, for the optimization of operational efficiency in automation and control, it quickly enabled the achievement of the total convergence of Operational (OT) and Information Technologies (IT). The IIoT has now surpassed the traditional borders of automation and control functions in the process and manufacturing industry, shifting towards a wider domain of functions and industries, embraced under the dominant global initiatives and architectural frameworks of Industry 4.0 (or Industrie 4.0) in Germany, Industrial Internet in the US, Society 5.0 in Japan, and Made-in-China 2025 in China. As real-time embedded systems are quickly achieving ubiquity in everyday life and in industrial environments, and many processes already depend on real-time cyber-physical systems and embedded sensors, the integration of IoT with cognitive computing and real-time data exchange is essential for real-time analytics and realization of digital twins in smart environments and services under the various frameworks’ provisions. In this context, real-time sensor networks and systems for the Industrial IoT encompass multiple technologies and raise significant design, optimization, integration and exploitation challenges. The ten articles in this Special Issue describe advances in real-time sensor networks and systems that are significant enablers of the Industrial IoT paradigm. In the relevant landscape, the domain of wireless networking technologies is centrally positioned, as expected

Nation-State Attackers and their Effects on Computer Security

Nation-state intelligence agencies have long attempted to operate in secret, but recent revelations have drawn the attention of security researchers as well as the general public to their operations. The scale, aggressiveness, and untargeted nature of many of these now public operations were not only alarming, but also baffling as many were thought impossible or at best infeasible at scale. The security community has since made many efforts to protect end-users by identifying, analyzing, and mitigating these now known operations. While much-needed, the security community's response has largely been reactionary to the oracled existence of vulnerabilities and the disclosure of specific operations. Nation-State Attackers, however, are dynamic, forward-thinking, and surprisingly agile adversaries who do not rest on their laurels and are continually advancing their efforts to obtain information. Without the ability to conceptualize their actions, understand their perspective, or account for their presence, the security community's advances will become antiquated and unable to defend against the progress of Nation-State Attackers. In this work, we present and discuss a model of Nation-State Attackers that can be used to represent their attributes, behavior patterns, and world view. We use this representation of Nation-State Attackers to show that real-world threat models do not account for such highly privileged attackers, to identify and support technical explanations of known but ambiguous operations, and to identify and analyze vulnerabilities in current systems that are favorable to Nation-State Attackers.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/143907/1/aaspring_1.pd

The Palgrave Handbook of Digital Russia Studies

This open access handbook presents a multidisciplinary and multifaceted perspective on how the ‘digital’ is simultaneously changing Russia and the research methods scholars use to study Russia. It provides a critical update on how Russian society, politics, economy, and culture are reconfigured in the context of ubiquitous connectivity and accounts for the political and societal responses to digitalization. In addition, it answers practical and methodological questions in handling Russian data and a wide array of digital methods. The volume makes a timely intervention in our understanding of the changing field of Russian Studies and is an essential guide for scholars, advanced undergraduate and graduate students studying Russia today

The Palgrave Handbook of Digital Russia Studies

This open access handbook presents a multidisciplinary and multifaceted perspective on how the ‘digital’ is simultaneously changing Russia and the research methods scholars use to study Russia. It provides a critical update on how Russian society, politics, economy, and culture are reconfigured in the context of ubiquitous connectivity and accounts for the political and societal responses to digitalization. In addition, it answers practical and methodological questions in handling Russian data and a wide array of digital methods. The volume makes a timely intervention in our understanding of the changing field of Russian Studies and is an essential guide for scholars, advanced undergraduate and graduate students studying Russia today