60,284 research outputs found
Security Evaluation of Cyber-Physical Systems in Society- Critical Internet of Things
In this paper, we present evaluation of security
awareness of developers and users of cyber-physical systems. Our
study includes interviews, workshops, surveys and one practical
evaluation. We conducted 15 interviews and conducted survey with
55 respondents coming primarily from industry. Furthermore, we
performed practical evaluation of current state of practice for a
society-critical application, a commercial vehicle, and reconfirmed
our findings discussing an attack vector for an off-line societycritical
facility. More work is necessary to increase usage of security
strategies, available methods, processes and standards. The security
information, currently often insufficient, should be provided in the
user manuals of products and services to protect system users. We
confirmed it lately when we conducted an additional survey of
users, with users feeling as left out in their quest for own security
and privacy. Finally, hardware-related security questions begin to
come up on the agenda, with a general increase of interest and
awareness of hardware contribution to the overall cyber-physical
security. At the end of this paper we discuss possible
countermeasures for dealing with threats in infrastructures,
highlighting the role of authorities in this quest
Asymptotic Loss in Privacy due to Dependency in Gaussian Traces
The rapid growth of the Internet of Things (IoT) necessitates employing
privacy-preserving techniques to protect users' sensitive information. Even
when user traces are anonymized, statistical matching can be employed to infer
sensitive information. In our previous work, we have established the privacy
requirements for the case that the user traces are instantiations of discrete
random variables and the adversary knows only the structure of the dependency
graph, i.e., whether each pair of users is connected. In this paper, we
consider the case where data traces are instantiations of Gaussian random
variables and the adversary knows not only the structure of the graph but also
the pairwise correlation coefficients. We establish the requirements on
anonymization to thwart such statistical matching, which demonstrate the
significant degree to which knowledge of the pairwise correlation coefficients
further significantly aids the adversary in breaking user anonymity.Comment: IEEE Wireless Communications and Networking Conferenc
UniquID: A Quest to Reconcile Identity Access Management and the Internet of Things
The Internet of Things (IoT) has caused a revolutionary paradigm shift in
computer networking. After decades of human-centered routines, where devices
were merely tools that enabled human beings to authenticate themselves and
perform activities, we are now dealing with a device-centered paradigm: the
devices themselves are actors, not just tools for people. Conventional identity
access management (IAM) frameworks were not designed to handle the challenges
of IoT. Trying to use traditional IAM systems to reconcile heterogeneous
devices and complex federations of online services (e.g., IoT sensors and cloud
computing solutions) adds a cumbersome architectural layer that can become hard
to maintain and act as a single point of failure. In this paper, we propose
UniquID, a blockchain-based solution that overcomes the need for centralized
IAM architectures while providing scalability and robustness. We also present
the experimental results of a proof-of-concept UniquID enrolment network, and
we discuss two different use-cases that show the considerable value of a
blockchain-based IAM.Comment: 15 pages, 10 figure
- …