15 research outputs found
Smart Ticket Protection: An Architecture for Cyber-Protecting Physical Tickets Using Digitally Signed Random Pattern Markers
In order to counter forgeries of tickets for public transport or mass events,
a method to validate them, using printed unique random pattern markers was
developed. These markers themselves are unforgeable by their physically random
distribution. To assure their authenticity, however, they have to be
cryptographically protected and equipped with an environment for successful
validation, combining physical and cyber security protection. This paper
describes an architecture for cryptographically protecting these markers, which
are stored in Aztec codes on physical tickets, in order to assure that only an
authorized printer can generate a valid Aztec code of such a pattern, thus
providing forge protection in combination with the randomness and uniqueness of
the pattern. Nevertheless, the choice of the signature algorithm is heavily
constrained by the sizes of the pattern, ticket provider data, metadata and the
signature confronted by the data volume the code hold. Therefore, this paper
also defines an example for a signature layout for the proposed architecture.
This allows for a lightweight ticket validation system that is both physically
and cryptographically secured to form a smart solution for mass access
verification for both shorter to longer periods at relatively low cost.Comment: 4 pages, 2 figure
Towards a Secure Smart Grid Storage Communications Gateway
This research in progress paper describes the role of cyber security measures
undertaken in an ICT system for integrating electric storage technologies into
the grid. To do so, it defines security requirements for a communications
gateway and gives detailed information and hands-on configuration advice on
node and communication line security, data storage, coping with backend M2M
communications protocols and examines privacy issues. The presented research
paves the road for developing secure smart energy communications devices that
allow enhancing energy efficiency. The described measures are implemented in an
actual gateway device within the HORIZON 2020 project STORY, which aims at
developing new ways to use storage and demonstrating these on six different
demonstration sites.Comment: 6 pages, 2 figure
Approaching the Automation of Cyber Security Testing of Connected Vehicles
The advancing digitalization of vehicles and automotive systems bears many
advantages for creating and enhancing comfort and safety-related systems
ranging from drive-by-wire, inclusion of advanced displays, entertainment
systems up to sophisticated driving assistance and autonomous driving. It,
however, also contains the inherent risk of being used for purposes that are
not intended for, raging from small non-authorized customizations to the
possibility of full-scale cyberattacks that affect several vehicles to whole
fleets and vital systems such as steering and engine control. To prevent such
conditions and mitigate cybersecurity risks from affecting the safety of road
traffic, testing cybersecurity must be adopted into automotive testing at a
large scale. Currently, the manual penetration testing processes cannot uphold
the increasing demand due to time and cost to test complex systems. We propose
an approach for an architecture that (semi-)automates automotive cybersecurity
test, allowing for more economic testing and therefore keeping up to the rising
demand induced by new vehicle functions as well as the development towards
connected and autonomous vehicles.Comment: 3 pages, 1 figure, Central European Cybersecurity Conference 2019
(CECC2019), Munic
Integrating Threat Modeling and Automated Test Case Generation into Industrialized Software Security Testing
Industrial Internet of Things (IIoT) application provide a whole new set of
possibilities to drive efficiency of industrial production forward. However,
with the higher degree of integration among systems, comes a plethora of
newthreats to the latter, as they are not yet designed to be broadly reachable
and interoperable. To mitigate these vast amount of new threats, systematic and
automated test methods are necessary. This comprehensiveness can be achieved by
thorough threat modeling. In order to automate security test, we present an
approach to automate the testing process from threat modeling onward, closing
the gap between threat modeling and automated test case generation.Comment: 3 pages, 1 figure, Central European Cybersecurity Conference 2019
(CECC2019), Munic
An Overview of Wireless IoT Protocol Security in the Smart Home Domain
While the application of IoT in smart technologies becomes more and more
proliferated, the pandemonium of its protocols becomes increasingly confusing.
More seriously, severe security deficiencies of these protocols become evident,
as time-to- market is a key factor, which satisfaction comes at the price of a
less thorough security design and testing. This applies especially to the smart
home domain, where the consumer-driven market demands quick and cheap
solutions. This paper presents an overview of IoT application domains and
discusses the most important wireless IoT protocols for smart home, which are
KNX-RF, EnOcean, Zigbee, Z-Wave and Thread. Finally, it describes the security
features of said protocols and compares them with each other, giving advice on
whose protocols are more suitable for a secure smart home.Comment: 8 pages, 4 figure
Knowing one’s place : parental educational background influences social identification with academia, test anxiety, and satisfaction with studying at university
First-generation students (i.e., students whose parents did not attend university) often experience difficulties fitting in with the social environment at universities. This experience of personal misfit is supposedly associated with an impaired social identification with their aspired in-group of academics compared to continuing-generation students (i.e., students with at least one parent with an academic degree. In this article, we investigate how the postulated differences in social identification with the group of academics affect first-generation students’ satisfaction with studying and test anxiety over time. We assume that first-generation students’ impaired social identification with the group of academics leads to decreased satisfaction with studying and aggravated test anxiety over the course of the first academic year. In a longitudinal study covering students’ first year at a German university, we found that continuing-generation students consistently identified more strongly with their new in-group of academics than first-generation students. The influence of social identification on test anxiety and satisfaction with studying differed between groups. For continuing-generation students, social identification with the group of academics buffered test anxiety and helped them maintain satisfaction with studying over time. We could not find these direct effects within the group of first-generation students. Instead, first-generation students were more sensitive to effects of test anxiety on satisfaction with studying and vice versa over time. The results suggest that first-generation students might be more sensitive to the anticipation of academic failure. Furthermore, continuing-generation students’ social identification with the group of academics might have buffered them against the impact of negative experiences during the entry phase at university. Taken together, our findings underscore that deficit-driven approaches focusing solely on first-generation status may not be sufficient to fully understand the importance of parental educational background for students’ well-being. More specifically, continuing-generation students might reap benefits from their parental educational background. These benefits widen the social gap in academia in addition to the disadvantages of students with first-generation status. In sum, understanding the benefits of continuing-generation status has important implications for interventions aiming to reduce social class gaps in academia