655 research outputs found
IoT Security Evolution: Challenges and Countermeasures Review
Internet of Things (IoT) architecture, technologies, applications and security have been recently addressed by a number of researchers. Basically, IoT adds internet connectivity to a system of intelligent devices, machines, objects and/or people. Devices are allowed to automatically collect and transmit data over the Internet, which exposes them to serious attacks and threats. This paper provides an intensive review of IoT evolution with a primary focus on security issues together with the proposed countermeasures. Thus, it outlines the IoT security challenges as a future roadmap of research for new researchers in this domain.
Securing Wireless Communication in Critical Infrastructure: Challenges and Opportunities
Critical infrastructure constitutes the foundation of every society. While traditionally solely relying on dedicated cable-based communication, this infrastructure rapidly transforms to highly digitized and interconnected systems which increasingly rely on wireless communication. Besides providing tremendous benefits, especially affording the easy, cheap, and flexible interconnection of a large number of assets spread over larger geographic areas, wireless communication in critical infrastructure also raises unique security challenges. Most importantly, the shift from dedicated private wired networks to heterogeneous wireless communication over public and shared networks requires significantly more involved security measures. In this paper, we identify the most relevant challenges resulting from the use of wireless communication in critical infrastructure and use those to identify a comprehensive set of promising opportunities to preserve the high security standards of critical infrastructure even when switching from wired to wireless communication.
Comment: Author's version of a paper accepted for publication in Proceedings of the 20th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous 2023)
Fog based Secure Framework for Personal Health Records Systems
The rapid development of personal health records (PHR) systems enables an individual to collect, create, store and share his PHR to authorized entities. Health care systems within the smart city environment require a patient to share his PHR data with a multitude of institutions' repositories located in the cloud. The cloud computing paradigm cannot meet such massive transformative healthcare systems due to drawbacks including network latency, scalability and bandwidth. Fog computing relieves the burden of conventional cloud computing by availing intermediate fog nodes between the end users and the remote servers. Aiming at a massive demand of PHR data within a ubiquitous smart city, we propose a secure and fog assisted framework for PHR systems to address security, access control and privacy concerns. Built under a fog-based architecture, the proposed framework makes use of efficient key exchange protocol coupled with ciphertext attribute based encryption (CP-ABE) to guarantee confidentiality and fine-grained access control within the system respectively. We also make use of digital signature combined with CP-ABE to ensure the system authentication and users' privacy. We provide the analysis of the proposed framework in terms of security and performance.
Comment: 12 pages (CMC Journal, Tech Science Press)
A Holistic Analysis of Internet of Things (IoT) Security : Principles, Practices, and New Perspectives
Peer reviewed
Publisher PD
Challenges in Cybersecurity and Privacy - the European Research Landscape
Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks especially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potentially untrustworthy components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective.
Each chapter includes the project’s overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE, RED-Alert, Truessec.eu, ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects.
Optimizing Cybersecurity Risk in Medical Cyber-Physical Devices
Medical devices are increasingly connected, both to cyber networks and to sensors collecting data from physical stimuli. These cyber-physical systems pose a new host of deadly security risks that traditional notions of cybersecurity struggle to take into account. Previously, we could predict how algorithms would function as they drew on defined inputs. But cyber-physical systems draw on unbounded inputs from the real world. Moreover, with wide networks of cyber-physical medical devices, a single cybersecurity breach could pose lethal dangers to masses of patients.
The U.S. Food and Drug Administration (FDA) is tasked with regulating medical devices to ensure safety and effectiveness, but its regulatory approach—designed decades ago to regulate traditional medical hardware—is ill-suited to the unique problems of cybersecurity. Because perfect cybersecurity is impossible and every cybersecurity improvement entails costs to affordability and health, designers need standards that balance costs and benefits to inform the optimal level of risk. The FDA, however, conducts limited cost-benefit analyses, believing that its authorizing statute forbids consideration of economic costs.
We draw on statutory text and case law to show that this belief is mistaken and that the FDA can and should conduct cost-benefit analyses to ensure safety and effectiveness, especially in the context of cybersecurity. We describe three approaches the FDA could take to implement this analysis as a practical matter. Of these three, we recommend an approach modeled after the Federal Trade Commission’s cost-benefit test. Regardless of the specific approach the FDA chooses, however, the critical point is that the agency must weigh costs and benefits to ensure the right level of cybersecurity. Until then, medical device designers will face continued uncertainty as cybersecurity threats become increasingly dangerous.
- …