Towards Secure and Safe Appified Automated Vehicles

The advancement in Autonomous Vehicles (AVs) has created an enormous market for the development of self-driving functionalities,raising the question of how it will transform the traditional vehicle development process. One adventurous proposal is to open the AV platform to third-party developers, so that AV functionalities can be developed in a crowd-sourcing way, which could provide tangible benefits to both automakers and end users. Some pioneering companies in the automotive industry have made the move to open the platform so that developers are allowed to test their code on the road. Such openness, however, brings serious security and safety issues by allowing untrusted code to run on the vehicle. In this paper, we introduce the concept of an Appified AV platform that opens the development framework to third-party developers. To further address the safety challenges, we propose an enhanced appified AV design schema called AVGuard, which focuses primarily on mitigating the threats brought about by untrusted code, leveraging theory in the vehicle evaluation field, and conducting program analysis techniques in the cybersecurity area. Our study provides guidelines and suggested practice for the future design of open AV platforms

In my Wish List, an Automated Tool for Fail-Secure Design Analysis: an Alloy-Based Feasibility Draft

A system is said to be fail-secure, sometimes confused with fail-safe, if it maintains its security requirements even in the event of some faults. Fail-secure analyses are required by some validation schemes, such as some Common Criteria or NATO certifications. However, it is an aspect of security which as been overlooked by the community. This paper attempts to shed some light on the fail-secure field of study by: giving a definition of fail-secure as used in those certification schemes, and emphasizing the differences with fail-safe; and exhibiting a first feasibility draft of a fail-secure design analysis tool based on the Alloy model checker.Comment: In Proceedings ESSS 2014, arXiv:1405.055

Software implementation of a secure firmware update solution in an IoT context

The present paper is concerned with the secure delivery of firmware updates to Internet of Things (IoT) devices. Additionally, it deals with the design of a safe and secure bootloader for a UHF RFID reader. A software implementation of a secure firmware update solution is performed. The results show there is space to integrate even more security features into existing devices

FASTRA – SAFE AND SECURE

The innovative congestion control algorithm named FASTRA (Fast Active Stability TCP) is aimed for high-speed long-latency networks. Four major difficulties in FASTRA are highlighted at both packet and flow levels. The architecture and characterization of equilibrium and stability properties of FASTRA are robust. Experimental results of FASTRA outsmart TCP Reno, HSTCP, and STCP in terms of throughput, fairness, stability, and responsiveness. FASTRA aims to rapidly stabilize high-speed long-latency networks into steady, efficient and fair operating points, in dynamic sharing environments, and the preliminary results are produced as output of our project. The Proposed architecture is explained with the help of an existing real-time example as to explain why FASTRA download is chosen rather than FTP download. The Paper is concluded with the results of the new congestion control algorithm aided with the graphs obtained during its simulation in NS2. On proper implementation, many safe, FASTRA downloads and data transfers can be carried over a high speed internet network

How Insurers Benefit from the Housing Rehabilitation Efforts of NeighborWorks Organizations

Insurance companies have a vested interest in communities and homes that are safe and secure. Through their successful but underutilized housing rehabilitation expertise, NeighborWorks organizations seek to improve the quality of older, unsafe and/or vacant and abandoned properties in the communities they serve

e-SAFE: Secure, Efficient and Forensics-Enabled Access to Implantable Medical Devices

To facilitate monitoring and management, modern Implantable Medical Devices (IMDs) are often equipped with wireless capabilities, which raise the risk of malicious access to IMDs. Although schemes are proposed to secure the IMD access, some issues are still open. First, pre-sharing a long-term key between a patient's IMD and a doctor's programmer is vulnerable since once the doctor's programmer is compromised, all of her patients suffer; establishing a temporary key by leveraging proximity gets rid of pre-shared keys, but as the approach lacks real authentication, it can be exploited by nearby adversaries or through man-in-the-middle attacks. Second, while prolonging the lifetime of IMDs is one of the most important design goals, few schemes explore to lower the communication and computation overhead all at once. Finally, how to safely record the commands issued by doctors for the purpose of forensics, which can be the last measure to protect the patients' rights, is commonly omitted in the existing literature. Motivated by these important yet open problems, we propose an innovative scheme e-SAFE, which significantly improves security and safety, reduces the communication overhead and enables IMD-access forensics. We present a novel lightweight compressive sensing based encryption algorithm to encrypt and compress the IMD data simultaneously, reducing the data transmission overhead by over 50% while ensuring high data confidentiality and usability. Furthermore, we provide a suite of protocols regarding device pairing, dual-factor authentication, and accountability-enabled access. The security analysis and performance evaluation show the validity and efficiency of the proposed scheme