Moving Target Defense for Securing SCADA Communications

In this paper, we introduce a framework for building a secure and private peer to peer communication used in supervisory control and data acquisition networks with a novel Mobile IPv6-based moving target defense strategy. Our approach aids in combating remote cyber-attacks against peer hosts by thwarting any potential attacks at their reconnaissance stage. The IP address of each host is randomly changed at a certain interval creating a moving target to make it difficult for an attacker to find the host. At the same time, the peer host is updated through the use of the binding update procedure (standard Mobile IPv6 protocol). Compared with existing results that can incur significant packet-loss during address rotations, the proposed solution is loss-less. Improving privacy and anonymity for communicating hosts by removing permanent IP addresses from all packets is also one of the major contributions of this paper. Another contribution is preventing black hole attacks and bandwidth depletion DDoS attacks through the use of extra paths between the peer hosts. Recovering the communication after rebooting a host is also a new contribution of this paper. Lab-based simulation results are presented to demonstrate the performance of the method in action, including its overheads. The testbed experiments show zero packet-loss rate during handoff delay

Technical Analysis of Thanos Ransomware

Ransomware is a developing menace that encrypts users’ files and holds the decryption key hostage until the victim pays a ransom. This particular class of malware has been in charge of extortion hundreds of millions of dollars every year. Adding to the problem, generating new variations is cheap. Therefore, new malware can detect antivirus and intrusion detection systems and evade them or manifest in ways to make themselves undetectable. We must first understand the characteristics and behavior of various varieties of ransomware to create and construct effective security mechanisms to combat them. This research presents a novel dynamic and behavioral analysis of a newly discovered ransomware called Thanos. It was founded in 2020 and is building up to be the leading malware used by low-to-medium-level attackers. It is part of a new ransomware class known as RaaS (Ransomware as a Service), where attackers can customize it for their desired target audience. So far, it is more prevalent in the middle east and North Africa and has over 130 unique samples already. As part of this investigation, the Thanos ransomware is carefully being analyzed. A testbed is created in the virtual artificial environment that mimics a regular operating system and identifies malware interactions with user data. Using this testbed, we can study how ransomware generally affects our system, how it spreads, and how it continually persists to access the user’s information. We can design a new security mechanism to detect and mitigate Thanos and similar ransomware based on behavior examination results

Malware Binary Image Classification Using Convolutional Neural Networks

The persistent shortage of cybersecurity professionals combined with enterprise networks tasked with processing more data than ever before has led many cybersecurity experts to consider automating some of the most common and time-consuming security tasks using machine learning. One of these cybersecurity tasks where machine learning may prove advantageous is malware analysis and classification. To evade traditional detection techniques, malware developers are creating more complex malware. This is achieved through more advanced methods of code obfuscation and conducting more sophisticated attacks. This can make the manual process of analyzing malware an infinitely more complex task. Furthermore, the proliferation of malicious files and new malware signatures increases year by year. As of March 2020, the total number of new malware detections worldwide amounted to 677.66 million programs. In 2020, there was a 35.4% increase in new malware variants over the previous year. This paper examines the viability of classifying malware binaries represented as fixed-size grayscale using convolutional neural networks. Several Convolutional Neural Network (CNN) architectures are evaluated on multiple performance metrics to analyze their effectiveness at solving this classification problem

Monetization of policy costs and sustainability benefits associated with renewable energy in fossil fuel-rich countries (FFRCs)

The electricity sector in Middle Eastern fossil fuel-rich countries (FFRCs) is characterised by the high electricity subsidies that result in a large price gap between Feed-in Tariffs (FiT) and consumer electricity prices, which inhibits electricity generation from renewable energy sources (RES-E). Meanwhile, RES-E development could reduce GHG emissions, allow fossil fuel to be sustainably commercialised or processed, and save water consumption in thermal power plants as an alternative solution in FFRCs. This study aimed at monetarizing those benefits and evaluating the performance of RES-E policy in a FFRCs framework by defining the benefit-cost ratio as a sustainability indicator, considering Iran as a case study scenario. Results showed that the FiT purchase price was seven times higher than the average consumer price of electricity, which implied a $US 345 million cost for renewable energy support during the 2009–2019 time window. Conversely, benefits from the use of renewable energy were estimated in$US 68 million. The resulting benefit-cost ratio of RES-E policy was found to be 0.2, which indicates that FiT policy was inefficient and only 20% of the expenditure could be recovered. To make RES-E policies more efficient and foster renewable energy deployment, limiting the electricity subsidy that widens the price gap between FiT and market price has been suggested. Furthermore, carbon price was identified to have high impact on the benefit-cost ratio indicator. A policy framework setting a 100 $US/t CO2 would balance RES-E policy costs and benefits. This evidence could aid in decision-making for RES-E implementation in FFRCs

Evaluation of SIP Signalling and QoS for VoIP over OLSR MANET Routing Protocol

Abstract: This paper evaluates the SIP based VoIP applications over the Optimized Link State Routing protocol (OLSR) as a proactive routing protocol for Mobile Ad Hoc Networks (MANET) using Static, Uniform, and Random mobility models. The evaluation considered PCM, LQS, IPTelephony, and GSM voice codecs to study the SIP signaling performance and the voice Quality of Service (QoS) for VoIP calls over OLSR MANET. The simulation efforts performed in OPNET Modeler 17.1. The results show that VoIP over OLSR MANET has good performance over Static and Uniform mobility models while it has variable performance with Random models. SIP signaling has large delays compared with the voice signaling which reduce the VoIP performance and increases the call's duration. In addition, GSM and LQS based VoIP calls have an acceptable level of QoS while PCM and IP-Telephony based VoIP calls have a low level of QoS over different types of mobility models. Furthermore, the location and the mobility of SIP server affect the number of hops and the SIP signaling performance between the different parties of the VoIP call

Known Unknowns: Indeterminacy in Authentication in IoT

The Internet of Things (IoT), comprising a plethora of heterogeneous devices, is an enabling technology that can improve the quality of our daily lives, for instance by measuring parameters from the environment (e.g., humidity, temperature, weather, energy consumption, traffic, and others) or our bodies (e.g., health data). However, as with any technology, IoT has introduced a number of security and privacy challenges. Indeed, IoT devices create, process, transfer and store data, which are often sensitive, and which must be protected from unauthorized access. Similarly, the infrastructure that links with IoT, as well as the IoT devices themselves, is an asset that needs to be protected. The focus of this work is examining authentication in IoT. In particular, in this work we conducted a state-of-the-art review of the access control models that have been proposed, including both traditional access control models and emerging models that have recently been proposed and are tailored for IoT. We identified that the existing models cannot cope with indeterminacy, an inherent characteristic of IoT, which hinders authentication decisions. In this context, we studied the two known components of indeterminacy, i.e., uncertainty and ambiguity, and proposed a new model that handles indeterminacy in authentication in IoT environments

Integrating IPsec within OpenFlow Architecture for Secure Group Communication

Network security protocols such as IPsec have been used for many years to ensure robust end⁃to⁃end communication and are important in the context of SDN. Despite the widespread installation of IPsec to date, per⁃packet protection offered by the protocol is not very compatible with OpenFlow and flow⁃like behavior. OpenFlow architecture cannot aggregate IPsec⁃ESP flows in transport mode or tunnel mode because layer⁃3 information is encrypted and therefore unreadable. In this paper, we propose using the Security Parameter Index (SPI) of IPsec within the OpenFlow architecture to identify and direct IPsec flows. This enables IPsec to conform to the packet⁃based behavior of OpenFlow architecture. In addition, by distinguishing between IPsec flows, the architecture is particularly suited to secure group communication

Evaluation and determining of the Pattern of the Human Albumin Utilization at Shahid Rahimi Hospital, Khorramabad, Iran

Background: The World Health Organization (WHO) has supported many intervention strategies, including executive, educational, and monitoring proceedings to improve the evaluation of drug use and the drug management system. Since the resources are limited, it is essential to utilize existing resources properly. Serum albumin is the most abundant blood protein produced in the liver. Different forms of albumin are available in the market and employed to treat hypovolemia, Cirrhotic ascites, severe burns, septic shock, hyperstimulation syndrome, etc. Due to the high price of albumin and its importance for saving patient’s lives.Methods: precisely according to the determined protocols, and it’s unreasonable and irrational medication should be avoided. Statistical analysis was performed in Shahid Rahimi Hospital of Khorramabad, Iran, from March 2018 to March 2019. Albumin administration for randomly selected patients receiving albumin in different wards was evaluated. The main sources to retrieve information were pharmacy drug folders, patient folders (including laboratory information), and nursing folders. Age, sex, weight, ward, albumin level, symptoms, and final dose were recorded for each patient. Contraindications to the administration of albumin or any caution in its use were also considered. Data were analyzed by using SPSS16 and Excel software. Independent T-test and Chi-square test were employed to compare quantitative and qualitative variables. 271 patients were studied, including 160 men and 111 women.Results: The two male and female surgical wards with 41 patients had the highest percentage of patients admitted with albumin administration. Also, the most common cause of albumin administration in patients was hypoalbuminemia. 55% of albumin prescriptions in Shahid Rahimi Hospital of Khorramabad were irrational, driving a substantial financial burden for the healthcare system and patients. Among all the prescribed cases, only 5.2% were approved by the pharmacist. Finally, 77.1% of patients recovered, and 22.9% died.Conclusion: Considering that the highest percentage of patients receiving albumin administration, both among patients with irrational administration and in general, were in men's and women's surgical wards, it is recommended that the drugs prescribed in these wards be further investigated and get pre- Approved by a pharmacist to prevent higher medical costs for patients and healthcare system.          Keywords: Albumin; Hypovolemia; Cirrhotic Ascites; Septic Shock; Hyperstimulation Syndrome