Invisible Trojan-horse attack

We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance against Scarani-Acin-Ribordy-Gisin (SARG04) QKD protocol at 1924nm versus that at 1536nm. The attack strategy was proposed earlier but found to be unsuccessful at the latter wavelength, as reported in N.~Jain et al., New J. Phys. 16, 123030 (2014). However at 1924nm, we show experimentally that the noise response of the detectors to bright pulses is greatly reduced, and show by modeling that the same attack will succeed. The invisible nature of the attack poses a threat to the security of practical QKD if proper countermeasures are not adopted.Comment: 8 pages, 3 figures, due to problem in the compilation of bibliography, we are uploading a corrected versio

Cybersecurity Vulnerabilities in Smart Grids with Solar Photovoltaic: A Threat Modelling and Risk Assessment Approach

Cybersecurity is a growing concern for smart grids, especially with the integration of solar photovoltaics (PVs). With the installation of more solar and the advancement of inverters, utilities are provided with real-time solar power generation and other information through various tools. However, these tools must be properly secured to prevent the grid from becoming more vulnerable to cyber-attacks. This study proposes a threat modeling and risk assessment approach tailored to smart grids incorporating solar PV systems. The approach involves identifying, assessing, and mitigating risks through threat modeling and risk assessment. A threat model is designed by adapting and applying general threat modeling steps to the context of smart grids with solar PV. The process involves the identification of device assets and access points within the smart grid infrastructure. Subsequently, the threats to these devices were classified utilizing the STRIDE model. To further prioritize the identified threat, the DREAD threat-risk ranking model is employed. The threat modeling stage reveals several high-risk threats to the smart grid infrastructure, including Information Disclosure, Elevation of Privilege, and Tampering. Targeted recommendations in the form of mitigation controls are formulated to secure the smart grid’s posture against these identified threats. The risk ratings provided in this study offer valuable insights into the cybersecurity risks associated with smart grids incorporating solar PV systems, while also providing practical guidance for risk mitigation. Tailored mitigation strategies are proposed to address these vulnerabilities. By taking proactive measures, energy sector stakeholders may strengthen the security of their smart grid infrastructure and protect critical operations from potential cyber threats

Actionable Intelligence-Oriented Cyber Threat Modeling Framework

Amid the growing challenges of cybersecurity, the new paradigm of cyber threat intelligence (or CTI) has gained momentum to better deal with cyber threats. There, however, has been one fundamental and very practical problem of information overload organizations face in constructing an effective CTI program. We developed a cyber threat intelligence prototype that automatically and dynamically performs the correlation of business assets, vulnerabilities, and cyber threat information in a scoped setting to remediate the challenge of information overload. Conveniently called TIME (for Threat Intelligence Modeling Environment), it repeats the cycle of: (1) collect internal asset data; (2) gather vulnerability and threat data; (3) correlate vulnerabilities with assets; and (4) derive CTI and alerts significant internal asset-related vulnerabilities in a timely manner. For this, it takes advantage of CTI reports produced by online sites and several NIST standards intended to formalize vulnerability and threat management

Conflict and threat between pre-existing groups: An application of identity to bias, persuasion and belief perseverance

The current research examines the role of identity in the context of threat towards further understanding bias, persuasion, and belief perseverance in what is defined as IRT (Immediately Relevant Threat) conditions. Using pre, middle, and post measurements, four groups of differing ideological student organizations across 4 university or college campuses were presented critical messages that were varied by the source being either an in-group or out-group presenter of the message. Messages were also varied by either presenting a message that criticized the entire group or only a few of its members. With the use of hierarchical linear modeling and conventional ordinary least square statistics, results indicated general and specific effects of source of the message and the inclusiveness of criticism towards predicting bias, persuasion, and belief perseverance in environmental settings. Findings and their practical applications are discussed

All Possible Regressions Using IBM SPSS: A Practitioner’s Guide to Automatic Linear Modeling

Although the all possible subsets regression procedure (or all possible regressions) has been a preferred method for selecting the “best” model in multiple regression, it might not have been the most frequently used method by SPSS users partly due to its time consuming nature of evaluating all possible combinations of multiple regression models. Starting with Version 19, however, IBM SPSS introduced a new procedure called Automatic Linear Modeling, enabling researchers to select best subsets automatically. While the arrival of this new procedure is highly welcomed by researchers, practitioners, and students, it has also raised a potential threat of misuse due to its apparent simplicity. The purpose of this paper is to provide brief information on all possible regressions and to provide a practical guide on how to make the best use of Automatic Linear Modeling

Alert-BDI: BDI Model with Adaptive Alertness through Situational Awareness

In this paper, we address the problems faced by a group of agents that possess situational awareness, but lack a security mechanism, by the introduction of a adaptive risk management system. The Belief-Desire-Intention (BDI) architecture lacks a framework that would facilitate an adaptive risk management system that uses the situational awareness of the agents. We extend the BDI architecture with the concept of adaptive alertness. Agents can modify their level of alertness by monitoring the risks faced by them and by their peers. Alert-BDI enables the agents to detect and assess the risks faced by them in an efficient manner, thereby increasing operational efficiency and resistance against attacks.Comment: 14 pages, 3 figures. Submitted to ICACCI 2013, Mysore, Indi

Analyzing helicopter evasive maneuver effectiveness against rocket-propelled grenades

It has long been acknowledged that military helicopters are vulnerable to ground-launched threats, in particular, the RPG-7 rocket-propelled grenade. Current helicopter threat mitigation strategies rely on a combination of operational tactics and selectively placed armor plating, which can help to mitigate but not entirely remove the threat. However, in recent years, a number of active protection systems designed to protect land-based vehicles from rocket and missile fire have been developed. These systems all use a sensor suite to detect, track, and predict the threat trajectory, which is then employed in the computation of an intercept trajectory for a defensive kill mechanism. Although a complete active protection system in its current form is unsuitable for helicopters, in this paper, it is assumed that the active protection system’s track and threat trajectory prediction subsystem could be used offline as a tool to develop tactics and techniques to counter the threat from rocket-propelled grenade attacks. It is further proposed that such a maneuver can be found by solving a pursuit–evasion differential game. Because the first stage in solving this problem is developing the capability to evaluate the game, nonlinear dynamic and spatial models for a helicopter, RPG-7 round, and gunner, and evasion strategies were developed and integrated into a new simulation engine. Analysis of the results from representative vignettes demonstrates that the simulation yields the value of the engagement pursuit–evasion game. It is also shown that, in the majority of cases, survivability can be significantly improved by performing an appropriate evasive maneuver. Consequently, this simulation may be used as an important tool for both designing and evaluating evasive tactics and is the first step in designing a maneuver-based active protection system, leading to improved rotorcraft survivability