INCHAIN: a cyber insurance architecture with smart contracts and self-sovereign identity on top of blockchain

Despite the rapid growth of the cyber insurance market in recent years, insurance companies in this area face several challenges, such as a lack of data, a shortage of automated tasks, increased fraudulent claims from legal policyholders, attackers masquerading as legal policyholders, and insurance companies becoming targets of cybersecurity attacks due to the abundance of data they store. On top of that, there is a lack of Know Your Customer procedures. To address these challenges, in this article, we present INCHAIN, an innovative architecture that utilizes Blockchain technology to provide data transparency and traceability. The backbone of the architecture is complemented by Smart Contracts, which automate cyber insurance processes, and Self-Sovereign Identity for robust identification. The effectiveness of INCHAIN ’s architecture is compared with the literature against the challenges the cyber insurance industry faces. In a nutshell, our approach presents a significant advancement in the field of cyber insurance, as it effectively combats the issue of fraudulent claims and ensures proper customer identification and authentication. Overall, this research demonstrates a novel and effective solution to the complex problem of managing cyber insurance, providing a solid foundation for future developments in the field

P4G2Go: A Privacy-Preserving Scheme for Roaming Energy Consumers of the Smart Grid-to-Go

Due to its flexibility in terms of charging and billing, the smart grid is an enabler of many innovative energy consumption scenarios. One such example is when a landlord rents their property for a specific period to tenants. Then the electricity bill could be redirected from the landlord’s utility to the tenant’s utility. This novel scenario of the smart grid ecosystem, defined in this paper as Grid-to-Go (G2Go), promotes a green economy and can drive rent reductions. However, it also creates critical privacy issues, since utilities may be able to track the tenant’s activities. This paper presents P4G2Go, a novel privacy-preserving scheme that provides strong security and privacy assertions for roaming consumers against honest but curious entities of the smart grid. At the heart of P4G2Go lies the Idemix cryptographic protocol suite, which utilizes anonymous credentials and provides unlinkability of the consumer activities. Our scheme is complemented by the MASKER protocol, used to protect the consumption readings, and the FIDO2 protocol for strong and passwordless authentication. We have implemented the main components of P4G2Go, to quantitatively assess its performance. Finally, we reason about its security and privacy properties, proving that P4G2Go achieves to fulfill the relevant objectives

Προηγμένες λύσεις κυβερνοασφάλειας για κρίσιμες υποδομές και εφαρμογές: έξυπνο δίκτυο και κυβερνοασφάλεια

The rapid digitization of critical infrastructure, coupled with the increasing sophistication of cyber threats, has elevated the importance of robust cybersecurity measures. This dissertation explores the multifaceted realm of cyber defense within the context of critical infrastructure, focusing specifically on the interplay between advanced cyber security solutions, smart grid technology, and the emerging field of cyber insurance. The research begins by dissecting the vulnerabilities inherent in smart grid systems, which form the backbone of modern energy distribution networks. Through a comprehensive analysis of cyber threats targeting smart grids, the study identifies potential attack vectors and assesses the implications of successful breaches on the reliability and resilience of critical energy infrastructure. Subsequently, a range of advanced cyber security solutions is evaluated, encompassing cutting-edge technologies such as artificial intelligence, machine learning, and blockchain, in order to fortify the defenses of smart grid ecosystems. In parallel, the dissertation delves into the evolving landscape of cyber insurance as a risk management strategy for critical infrastructure. Investigating the intricacies of underwriting policies and the quantification of cyber risks, the research elucidates the role of cyber insurance in incentivizing proactive cyber hygiene and fostering a culture of resilience among infrastructure stakeholders. The study also explores the challenges associated with the integration of cyber insurance into existing risk management frameworks and proposes strategies to optimize its efficacy. Furthermore, the dissertation offers a synthesized perspective by examining the synergies between advanced cyber security solutions and cyber insurance. It investigates how a holistic approach, combining technological fortification and financial risk mitigation, can elevate the overall cybersecurity posture of critical infrastructure. Case studies and real-world examples illustrate the practical implementation of these integrated strategies, providing valuable insights for industry practitioners and policymakers alike. In conclusion, this dissertation contributes to the academic discourse on cybersecurity for critical infrastructure by offering a comprehensive examination of advanced solutions tailored to the unique challenges posed by smart grid ecosystems. By exploring the symbiotic relationship between technological fortifications and financial risk mitigation through cyber insurance, this research provides a roadmap for enhancing the cyber resilience of critical infrastructure in the face of evolving cyber threats.Η ταχεία ψηφιοποίηση των κρίσιμων υποδομών, σε συνδυασμό με την αυξανόμενη πολυπλοκότητα των απειλών στον κυβερνοχώρο, έχει αυξήσει τη σημασία των ισχυρών μέτρων κυβερνοασφάλειας. Η παρούσα διατριβή διερευνά το πολύπλευρο πεδίο της κυβερνοάμυνας στο πλαίσιο των κρίσιμων υποδομών, εστιάζοντας συγκεκριμένα στην αλληλεπίδραση μεταξύ προηγμένων λύσεων κυβερνοασφάλειας, της τεχνολογίας έξυπνων δικτύων και του αναδυόμενου τομέα της κυβερνοασφάλισης. Η έρευνα ξεκινά με την ανάλυση των τρωτών σημείων που ενυπάρχουν στα συστήματα έξυπνων δικτύων, τα οποία αποτελούν τη ραχοκοκαλιά των σύγχρονων δικτύων διανομής ενέργειας. Μέσω μιας ολοκλη-ρωμένης ανάλυσης των απειλών στον κυβερνοχώρο που στοχεύουν τα έξυπνα δίκτυα, η μελέτη εντοπίζει πιθανούς φορείς επίθεσης και αξιολογεί τις επιπτώσεις των επιτυχημένων παραβιάσεων στην αξιοπιστία και την ανθεκτικότητα των κρίσιμων ενεργειακών υποδομών. Στη συνέχεια, αξιολογείται μια σειρά προηγμένων λύσεων κυβερνοασφάλειας, που περιλαμβάνουν τεχνολογίες αιχμής, όπως η τεχνητή νοημοσύνη, η μηχανική μάθηση και η blockchain, προκειμένου να ενισχυθεί η άμυνα των οικοσυστημάτων έξυπνων δικτύων. Παράλληλα, η διατριβή εμβαθύνει στο εξελισσόμενο τοπίο της ασφάλισης στον κυβερνοχώρο ως στρατηγική διαχείρισης κινδύνων για τις κρίσιμες υποδομές. Διερευνώντας τις περιπλοκές των πολιτικών ανάληψης κινδύνων και την ποσοτικοποίηση των κινδύνων στον κυβερνοχώρο, η έρευνα διευκρινίζει τον ρόλο της ασφάλισης στον κυβερνοχώρο ως κίνητρο για την προληπτική υγιεινή στον κυβερνοχώρο και την προώθηση μιας κουλτούρας ανθεκτικότητας μεταξύ των ενδιαφερομένων για τις υποδομές. Η μελέτη διερευνά επίσης τις προκλήσεις που συνδέονται με την ενσωμάτωση της ασφάλισης στον κυβερνοχώρο στα υφιστάμενα πλαίσια διαχείρισης κινδύνων και προτείνει στρατηγικές για τη βελτιστοποίηση της αποτελεσματικότητάς της. Επιπλέον, η διατριβή προσφέρει μια συνθετική προοπτική εξετάζοντας τις συνέργειες μεταξύ των προηγμένων λύσεων ασφάλειας στον κυβερνοχώρο και της ασφάλισης στον κυβερνοχώρο. Διερευνά τον τρόπο με τον οποίο μια ολιστική προσέγγιση, που συνδυάζει την τεχνολογική ενίσχυση και τον μετριασμό των οικονομικών κινδύνων, μπορεί να ανυψώσει τη συνολική στάση της κυβερνοασφάλειας των υποδομών ζωτικής σημασίας. Μελέτες περιπτώσεων και παραδείγματα από τον πραγματικό κόσμο απεικονίζουν την πρακτική εφαρμογή αυτών των ολοκληρωμένων στρατηγικών, παρέχοντας πολύτιμες γνώσεις τόσο για τους επαγγελματίες του κλάδου όσο και για τους υπεύθυνους χάραξης πολιτικής. Εν κατακλείδι, η παρούσα διατριβή συμβάλλει στην ακαδημαϊκή συζήτηση για την κυβερνοασφάλεια των υποδομών ζωτικής σημασίας προσφέροντας μια ολοκληρωμένη εξέταση των προηγμένων λύσεων προσαρμοσμένων στις μοναδικές προκλήσεις που θέτουν τα οικοσυστήματα έξυπνων δικτύων. Με τη διερεύνηση της συμβιωτικής σχέσης μεταξύ των τεχνολογικών οχυρώσεων και του μετριασμού του οικονομικού κινδύνου μέσω της ασφάλισης στον κυβερνοχώρο, η παρούσα έρευνα παρέχει έναν οδικό χάρτη για την ενίσχυση της ανθεκτικότητας των υποδομών ζωτικής σημασίας στον κυβερνοχώρο ενόψει των εξελισσόμενων απειλών στον κυβερνοχώρο

P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements

During the past decade, software development has evolved from a rigid, linear process to a highly automated and flexible one, thanks to the emergence of continuous integration and delivery environments. Nowadays, more and more development teams rely on such environments to build their complex projects, as the advantages they offer are numerous. On the security side however, most environments seem to focus on the authentication part, neglecting other critical aspects such as the integrity of the source code and the compiled binaries. To ensure the soundness of a software project, its source code must be secured from malicious modifications. Yet, no method can accurately verify that the integrity of the project’s source code has not been breached. This paper presents P2ISE, a novel integrity preserving tool that provides strong security assertions for developers against attackers. At the heart of P2ISE lies the TPM trusted computing technology which is leveraged to ensure integrity preservation. We have implemented the P2ISE and quantitatively assessed its performance and efficiency

A Qualitative Analysis of Illicit Arms Trafficking on Darknet Marketplaces

During the last decade, the dark web has become the playground for criminal and underground activities, such as marketplaces of drugs and guns, as well as illegal content sharing. The dark web is one of the top crime environments presented in EUROPOL's Internet Organised Crime Threat Assessment 2021. This paper provides a qualitative study on the darknet marketplaces of illegal arms trafficking. For this purpose, we implemented a crawler based on the ACHE Python library to collect hidden web pages (onion services) on the Tor network. We gathered data from ten marketplaces recommended by dark web search engines - Ahmia, Deep Search, and Onion Land Search. We provide a first report of the overall landscape of illicit arms trafficking, discussing the range of weapons such as military drones, explosives, and other related products, together with the payment and shipping methods provided by the vendors. The findings verify previous reports from reputable institutions (United Nations and RAND Europe). Most of these illicit marketplaces are easily accessible to the average user; they are well-organized with a large variety of firearms and also provide extensive customer support

SAMGRID: Security Authorization and Monitoring Module Based on SealedGRID Platform

IoT devices present an ever-growing domain with multiple applicability. This technology has favored and still favors many areas by creating critical infrastructures that are as profitable as possible. This paper presents a hierarchical architecture composed of different licensing entities that manage access to different resources within a network infrastructure. They are conducted on the basis of well-drawn policy rules. At the same time, the security side of these resources is also placed through a context awareness module. Together with this technology, IoT is used and Blockchain is enabled (for network consolidation, as well as the transparency with which to monitor the platform). The ultimate goal is to implement a secure and scalable security platform for the Smart Grid. The paper presents the work undertaken in the SealedGRID project and the steps taken for implementing security policies specifically tailored to the Smart Grid, based on advanced concepts such as Opinion Dynamics and Smart Grid-related Attribute-based Access Control.This research was funded by the European Commission, under the SealedGRID project, Grant Agreement no. 777996, and by the Norway Grants and UEFISCDI, under the SOLID-B5G project, Project contract no. 42/2021, RO-NO-2019-0499. Institutional Review. Partial funding for open access charge: Universidad de Málag

SECONDO: A platform for cybersecurity investments and cyber insurance decisions

This paper represents the SECONDO framework to assist organizations with decisions related to cybersecurity investments and cyber-insurance. The platform supports cybersecurity and cyber-insurance decisions by implementing and integrating a number of software components. SECONDO operates in three distinct phases: (i) cyber-physical risk assessment and continuous monitoring; (ii) investment-driven optimized cyber-physical risk control; and (iii) blockchain-enabled cyber-insurance contract preparation and maintenance. Insurers can leverage SECONDO functionalities to actively participate in the management of cyber-physical risks of a shipping company to reduce their insured risk