80 research outputs found

    A comprehensive review of RFID and bluetooth security: practical analysis

    The Internet of Things (IoT) provides the ability to digitize physical objects into virtual data, thanks to the integration of hardware (e.g., sensors, actuators) and network communications for collecting and exchanging data. In this digitization process, however, security challenges need to be taken into account in order to prevent information availability, integrity, and confidentiality from being compromised. In this paper, security challenges of two broadly used technologies, RFID (Radio Frequency Identification) and Bluetooth, are analyzed. First, a review of the main vulnerabilities, security risks, and threats affecting both technologies is carried out. Then, open hardware and open source tools such as Proxmark3 and Ubertooth, as well as BtleJuice and Bleah, are used as part of the practical analysis. Lastly, risk mitigation and countermeasures are proposed.

    Airfoil catalogue for wind turbine blades with OpenFOAM

    A methodology to efficiently simulate wind tunnel tests of several airfoils with OpenFOAM has been developed in this work. This methodology bridges OpenFOAM capabilities with Matlab postprocessing to analyse efficiently the performance of wind turbine airfoils at any angle of attack. This technique has been developed to reduce the cost, in terms of time and resources, of wind tunnel campaigns on wind turbine blade airfoils. Different turbulence models were used to study the behaviour of the airfoils near stall. Wind turbine airfoils need to be characterized for all possible angles of attack, in order to reproduce the real aerodynamic patterns during operation. Unfortunately, this situation is translated into a huge demand of wind tunnel testing resources, airfoil manufacturing and data post-processing. The high costs in terms of experimental measurements have encouraged many researchers to elaborate airfoil catalogues by performing CFD simulations. Results are compared with a testing campaign on wind turbine airfoils aerodynamics run at AB6 wind tunnel of IDR/UPM located at the campus Universidad Politécnica de Madrid (Madrid, Spain), this tunnel being particularly suited for bi-dimensional applications. It is an open wind tunnel with a test section of 2.5 x 0.5 m, the turbulence intensity is under 3% at a Reynolds number of Re ≈ 5×10⁵. The central part of the airfoil mock-ups was built with a 3D printer Additive Fused Deposition Modelling technology (FDM). Simulation results show a fair agreement with experiments, and helped to improve the performance of the wind tunnel.

    Circulating miR-200c and miR-141 and outcomes in patients with breast cancer

    Research article. [Abstract] Background. The deregulation of microRNAs in both tumours and blood has led to the search for microRNAs to indicate the presence of cancer and predict prognosis. We hypothesize the deregulation of miR-200c/miR-141 in the whole blood can identify breast cancer (BC), and could be developed into a prognostic signature. Methods. The expression of miR-200c and miR-141 was examined in bloods (57 stage I-IV BC patients and 20 age-matched controls) by quantitative reverse-transcription PCR. The associations of circulating microRNAs with clinic and pathological characteristics were analysed. Their effects on survival were analysed by the Kaplan-Meier method and Cox regressions. Results. MiR-200c was down regulated (P < 0.0001) in the blood of BC patients, yielded an area under the ROC curve of 0.79 (90% sensitivity, 70.2% specificity) in discriminating BC from controls. Circulating miR-141 was not discriminating. MiR-200c and miR-141 in the blood of BC patients were inversely correlated (P = 0.019). The miR-200c levels were numerically higher in stage IV and tumours with lower MIB-1. MiR-141 was significantly higher in the blood of patients with stage I-III, lymph node metastasis, and HER2 negative tumours. High blood expression of miR-200c and/or low expression of miR-141 was associated with unfavourable overall survival (hazard ratio, 3.89; [95% CI: 1.28-11.85]) and progression-free survival (3.79 [1.41–10.16]) independent of age, stage and hormonal receptors. Conclusions. Circulating miR-200c and miR-141 were deregulated in BC compared with controls. Furthermore, miR-200c and miR-141 were independent prognostic factors and associated with distinct outcomes of BC patients. Instituto de Salud Carlos III (España); PI06-154

    Catalysis in flow: Operando study of Pd catalyst speciation and leaching

    A custom-made plug flow reactor was designed and constructed to examine the behaviour of Pd catalysts during Suzuki-Miyaura cross-coupling reactions. Spatial-temporal resolution of catalyst activation, deactivation and leaching processes can be obtained by single-pass experiments. Subsequent deployment of the flow reactor in a XAS beam line revealed speciation of Pd along the catalyst bed.

    Photography-based taxonomy is inadequate, unnecessary, and potentially harmful for biological sciences

    The question whether taxonomic descriptions naming new animal species without type specimen(s) deposited in collections should be accepted for publication by scientific journals and allowed by the Code has already been discussed in Zootaxa (Dubois & Nemésio 2007; Donegan 2008, 2009; Nemésio 2009a–b; Dubois 2009; Gentile & Snell 2009; Minelli 2009; Cianferoni & Bartolozzi 2016; Amorim et al. 2016). This question was again raised in a letter supported by 35 signatories published in the journal Nature (Pape et al. 2016) on 15 September 2016. On 25 September 2016, the following rebuttal (strictly limited to 300 words as per the editorial rules of Nature) was submitted to Nature, which on 18 October 2016 refused to publish it. As we think this problem is a very important one for zoological taxonomy, this text is published here exactly as submitted to Nature, followed by the list of the 493 taxonomists and collection-based researchers who signed it in the short time span from 20 September to 6 October 2016

    Modbus Access Control System Based on SSI over Hyperledger Fabric Blockchain

    Security is the main challenge of the Modbus IIoT protocol. The systems designed to provide security involve solutions that manage identity based on a centralized approach by introducing a single point of failure and with an ad hoc model for an organization, which handicaps the solution scalability. Our manuscript proposes a solution based on self-sovereign identity over Hyperledger Fabric blockchain, promoting a decentralized identity from which both authentication and authorization are performed on-chain. The implementation of the system promotes not only Modbus security, but also aims to ensure the simplicity, compatibility and interoperability claimed by Modbus.

    A role-based access control model in modbus SCADA systems. A centralized model approach

    Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man-in-the-middle attacks, eavesdropping attacks, and replay attacks. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis.
The security analysis involves verifying the protocol’s resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latency measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

    A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

    Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man-in-the-middle attacks, eavesdropping attacks, and replay attacks. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis.
The security analysis involves verifying the protocol’s resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latency measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

    An attribute-based access control model in RFID systems based on blockchain decentralized applications for healthcare environments

    The growing adoption of Radio-frequency Identification (RFID) systems, particularly in the healthcare field, demonstrates that RFID is a positive asset for healthcare institutions. RFID offers the ability to save organizations time and costs by enabling data of traceability, identification, communication, temperature and location in real time for both people and resources. However, the challenges of RFID systems are financial, technical, organizational and above all privacy and security. For this reason, recent works focus on attribute-based access control (ABAC) schemes. Currently, ABAC schemes are based on mostly centralized models, which in environments such as the supply chain can present problems of scalability, synchronization and trust between the parties. In this manuscript, we implement an ABAC model in RFID systems based on a decentralized model such as blockchain. Common criteria for the selection of the appropriate blockchain are detailed. Our access control policies are executed through the decentralized application (DApp), which interfaces with the blockchain through the smart contract. Smart contracts and blockchain technology, on the one hand, solve current centralized systems issues as well as being flexible infrastructures that represent the relationship of trust and support essential in the ABAC model in order to provide the security of RFID systems. Our system has been designed for a supply chain environment with a use case suitable for healthcare systems, so that assets such as surgical instruments containing an associated RFID tag can only access specific areas. Our system is deployed in both a local and Testnet environment in order to establish a deep comparison and determine the technical feasibility.

    Towards decentralized and scalable architectures for access control systems for IIoT scenarios.

    The Industrial Internet of Things (IIoT) architecture is complex due to, among other things, the convergence of protocols, standards, and buses from such heterogeneous environments as Information Technology (IT) and Operational Technology (OT). IT – OT convergence not only makes interoperability difficult but also makes security one of the main challenges for IIoT environments. In this context, this thesis starts with a comprehensive survey of the protocols, standards, and buses commonly used in IIoT environments, analyzing the vulnerabilities in assets implementing them, as well as the impact and severity of exploiting such vulnerabilities in IT and OT environments. The Vulnerability Analysis Framework (VAF) methodology used for risk assessment in IIoT environments has been applied to 1,363 vulnerabilities collected from assets implementing the 33 protocols, standards and buses studied. On the other hand, Access Control Systems emerge as an efficient solution to mitigate some of the vulnerabilities and threats in the context of IIoT scenarios. Motivated by the variety and heterogeneity of IIoT environments, the thesis explores different alternatives of Access Control Systems covering different architectures. These architectures include Access Control Systems based on traditional Authorization policies such as Role-based Access Control or Attribute-based Access Control, as well as Access Control Systems that integrate other capabilities besides Authorization such as Identification, Authentication, Auditing and Accountability.
Blockchain technologies are incorporated into some of the proposals as they enable properties not achievable in centralized architectures, at different levels of complexity: they can be used just as a verifiable data registry, executing simple off-chain authorization policies, up to scenarios where the blockchain enables on-chain an Identity and Access Management System, based on Self-Sovereign Identity. The architecture of the Industrial Internet of Things (IIoT) is complex, among other things because of the convergence of protocols, standards and buses from environments as heterogeneous as information technology (IT) and operational technology (OT). IT – OT convergence not only hinders interoperability but also makes security one of the main challenges for IIoT environments. In this context, this thesis begins with an exhaustive review of the literature on the protocols, standards and buses commonly used in IIoT environments, also analyzing the vulnerabilities in assets that implement these protocols, standards and buses, as well as the impact and severity of exploiting those vulnerabilities in purely IT and purely OT environments. To carry out this analysis, the “Vulnerability Analysis Framework” (VAF) methodology is proposed, used to determine risk in IIoT environments, which has been applied to 1363 vulnerabilities collected from assets implementing the 33 protocols, standards and buses studied. On the other hand, Access Control Systems emerge as an efficient solution to mitigate some of the vulnerabilities and threats in the context of IIoT scenarios. Motivated by the variety and heterogeneity of IIoT environments, the thesis explores different alternatives of Access Control Systems covering different architectures.
These architectures include Access Control Systems based on traditional Authorization policies such as Role-based Access Control or Attribute-based Access Control, as well as Access Control Systems that integrate other capabilities besides Authorization, such as Identification, Authentication, Auditing and Accountability. The blockchain technologies integrated into some of the proposals enable properties not achievable in centralized architectures at different levels, forming part of scenarios that range from being used solely as a verifiable data registry executing simple off-chain authorization policies to scenarios where blockchain technology enables decentralized identity and access management systems based on Self-Sovereign Identity.