15 research outputs found
Blockchains as Enablers for Auditing Cooperative Circular Economy Networks
Implementing a circular economy business
model which is profitable for businesses operating
physical assets, while at the same time does not conflict
with strategic goals of environmental policies can be a
complex and risky undertaking for a single entity,
especially if the asset operator is a small-to-medium
enterprise (SMEs). To mitigate this, a collaborative
circular economy business model is proposed, where the
circular economy cycle is materialized by assets
transitioning between asset operators on a demanddriven
approach. Demand itself is partially based on the
asset's state, which is described by its circular
properties (location, condition, availability). The asset
state and its transition between operators can be
monitored by auditors and governmental regulators to
ensure asset integrity and compliance with
environmental targets. This common view of asset state
between all parties can be enabled by blockchains and
smart contracts, which can provide the underlying
technology to share data with integrity, while
simultaneously offering more efficient interoperability
between participants. To demonstrate how this could be
achieved, a conceptual asset record access and sharing
mechanism is presented which is suitable for regulated
environmental jurisdictions
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
Passwords are still a mainstay of various security systems, as well as the
cause of many usability issues. For end-users, many of these issues have been
studied extensively, highlighting problems and informing design decisions for
better policies and motivating research into alternatives. However, end-users
are not the only ones who have usability problems with passwords! Developers
who are tasked with writing the code by which passwords are stored must do so
securely. Yet history has shown that this complex task often fails due to human
error with catastrophic results. While an end-user who selects a bad password
can have dire consequences, the consequences of a developer who forgets to hash
and salt a password database can lead to far larger problems. In this paper we
present a first qualitative usability study with 20 computer science students
to discover how developers deal with password storage and to inform research
into aiding developers in the creation of secure password systems
Password-Hashing Status
Computers are used in our everyday activities, with high volumes of users accessing provided services. One-factor authentication consisting of a username and a password is the common choice to authenticate users in the web. However, the poor password management practices are exploited by attackers that disclose the users’ credentials, harming both users and vendors. In most of these occasions the user data were stored in clear or were just processed by a cryptographic hash function. Password-hashing techniques are applied to fortify this user-related information. The standardized primitive is currently the PBKDF2 while other widely-used schemes include Bcrypt and Scrypt. The evolution of parallel computing enables several attacks in password-hash cracking. The international cryptographic community conducted the Password Hashing Competition (PHC) to identify new efficient and more secure password-hashing schemes, suitable for widespread adoption. PHC advanced our knowledge of password-hashing. Further analysis efforts revealed security weaknesses and novel schemes were designed afterwards. This paper provides a review of password-hashing schemes until the first quarter of 2017 and a relevant performance evaluation analysis on a common setting in terms of code size, memory consumption, and execution time
Artificial Intelligence-Driven Composition and Security Validation of an Internet of Things Ecosystem
Key challenges in Internet-of-Things (IoT) system design and management include the secure system composition and the calculation of the security and dependability level of the final system. This paper presents an event-based model-checking framework for IoT systems’ design and management, called CompoSecReasoner. It invokes two main functionalities: (i) system composition verification, and (ii) derivation and validation of security, privacy, and dependability (SPD) metrics. To measure the SPD values of a system, we disassemble two well-known types of security metrics—the attack surface methodologies and the medieval castle approach. The first method determines the attackable points of the system, while the second one defines the protection level that is provided by the currently composed system-of-systems. We extend these techniques and apply the Event Calculus method for modelling the dynamic behavior of a system with progress in time. At first, the protection level of the currently composed system is calculated. When composition events occur, the current system status is derived. Thereafter, we can deploy reactive strategies and administrate the system automatically at runtime, implementing a novel setting for Moving Target Defenses. We demonstrate the overall solution on a real ambient intelligence application for managing the embedded devices of two emulated smart buildings
Lightweight cryptography for embedded systems – A comparative analysis
Abstract. As computing becomes pervasive, embedded systems are deployed in a wide range of domains, including industrial systems, critical infrastructures, private and public spaces as well as portable and wearable applications. An integral part of the functionality of these systems is the storage, access and transmission of private, sensitive or even critical information. Therefore, the confidentiality and integrity of the resources and services of said devices constitutes a prominent issue that must be considered during their design. There is a variety of cryptographic mechanisms which can be used to safeguard the confidentiality and integrity of stored and transmitted information. In the context of embedded systems, however, the problem at hand is exacerbated by the resource-constrained nature of the devices, in conjunction with the persistent need for smaller size and lower production costs. This paper provides a comparative analysis of lightweight cryptographic algorithms applicable to such devices, presenting recent advances in the field for symmetric and asymmetric algorithms as well as hash functions. A classification and evaluation of the schemes is also provided, utilizing relevant metrics in order to assess their suitability for various types of embedded systems
Preface
Summarization: This volume contains the papers presented at the 2nd Workshop on Model-driven
Simulation and Training Environments for Cybersecurity (MSTEC 2020), held
virtually on September 17, 2020, under the ESORICS 2020 conference.
The MSTEC 2020 workshop addressed recent advances in the field of cyber
modeling and simulation.Παρουσιάστηκε στο: 2nd International Workshop on Model-Driven Simulation and Training Environments for Cybersecurit
Artificial intelligence-driven composition and security validation of an Internet of Things ecosystem
Summarization: Key challenges in Internet-of-Things (IoT) system design and management include the secure system composition and the calculation of the security and dependability level of the final system. This paper presents an event-based model-checking framework for IoT systems’ design and management, called CompoSecReasoner. It invokes two main functionalities: (i) system composition verification, and (ii) derivation and validation of security, privacy, and dependability (SPD) metrics. To measure the SPD values of a system, we disassemble two well-known types of security metrics—the attack surface methodologies and the medieval castle approach. The first method determines the attackable points of the system, while the second one defines the protection level that is provided by the currently composed system-of-systems. We extend these techniques and apply the Event Calculus method for modelling the dynamic behavior of a system with progress in time. At first, the protection level of the currently composed system is calculated. When composition events occur, the current system status is derived. Thereafter, we can deploy reactive strategies and administrate the system automatically at runtime, implementing a novel setting for Moving Target Defenses. We demonstrate the overall solution on a real ambient intelligence application for managing the embedded devices of two emulated smart buildings.Παρουσιάστηκε στο: Applied Science