Smart Ticket Protection: An Architecture for Cyber-Protecting Physical Tickets Using Digitally Signed Random Pattern Markers

In order to counter forgeries of tickets for public transport or mass events, a method to validate them, using printed unique random pattern markers was developed. These markers themselves are unforgeable by their physically random distribution. To assure their authenticity, however, they have to be cryptographically protected and equipped with an environment for successful validation, combining physical and cyber security protection. This paper describes an architecture for cryptographically protecting these markers, which are stored in Aztec codes on physical tickets, in order to assure that only an authorized printer can generate a valid Aztec code of such a pattern, thus providing forge protection in combination with the randomness and uniqueness of the pattern. Nevertheless, the choice of the signature algorithm is heavily constrained by the sizes of the pattern, ticket provider data, metadata and the signature confronted by the data volume the code hold. Therefore, this paper also defines an example for a signature layout for the proposed architecture. This allows for a lightweight ticket validation system that is both physically and cryptographically secured to form a smart solution for mass access verification for both shorter to longer periods at relatively low cost.Comment: 4 pages, 2 figure

Towards a Secure Smart Grid Storage Communications Gateway

This research in progress paper describes the role of cyber security measures undertaken in an ICT system for integrating electric storage technologies into the grid. To do so, it defines security requirements for a communications gateway and gives detailed information and hands-on configuration advice on node and communication line security, data storage, coping with backend M2M communications protocols and examines privacy issues. The presented research paves the road for developing secure smart energy communications devices that allow enhancing energy efficiency. The described measures are implemented in an actual gateway device within the HORIZON 2020 project STORY, which aims at developing new ways to use storage and demonstrating these on six different demonstration sites.Comment: 6 pages, 2 figure

Approaching the Automation of Cyber Security Testing of Connected Vehicles

The advancing digitalization of vehicles and automotive systems bears many advantages for creating and enhancing comfort and safety-related systems ranging from drive-by-wire, inclusion of advanced displays, entertainment systems up to sophisticated driving assistance and autonomous driving. It, however, also contains the inherent risk of being used for purposes that are not intended for, raging from small non-authorized customizations to the possibility of full-scale cyberattacks that affect several vehicles to whole fleets and vital systems such as steering and engine control. To prevent such conditions and mitigate cybersecurity risks from affecting the safety of road traffic, testing cybersecurity must be adopted into automotive testing at a large scale. Currently, the manual penetration testing processes cannot uphold the increasing demand due to time and cost to test complex systems. We propose an approach for an architecture that (semi-)automates automotive cybersecurity test, allowing for more economic testing and therefore keeping up to the rising demand induced by new vehicle functions as well as the development towards connected and autonomous vehicles.Comment: 3 pages, 1 figure, Central European Cybersecurity Conference 2019 (CECC2019), Munic

Integrating Threat Modeling and Automated Test Case Generation into Industrialized Software Security Testing

Industrial Internet of Things (IIoT) application provide a whole new set of possibilities to drive efficiency of industrial production forward. However, with the higher degree of integration among systems, comes a plethora of newthreats to the latter, as they are not yet designed to be broadly reachable and interoperable. To mitigate these vast amount of new threats, systematic and automated test methods are necessary. This comprehensiveness can be achieved by thorough threat modeling. In order to automate security test, we present an approach to automate the testing process from threat modeling onward, closing the gap between threat modeling and automated test case generation.Comment: 3 pages, 1 figure, Central European Cybersecurity Conference 2019 (CECC2019), Munic

An Overview of Wireless IoT Protocol Security in the Smart Home Domain

While the application of IoT in smart technologies becomes more and more proliferated, the pandemonium of its protocols becomes increasingly confusing. More seriously, severe security deficiencies of these protocols become evident, as time-to- market is a key factor, which satisfaction comes at the price of a less thorough security design and testing. This applies especially to the smart home domain, where the consumer-driven market demands quick and cheap solutions. This paper presents an overview of IoT application domains and discusses the most important wireless IoT protocols for smart home, which are KNX-RF, EnOcean, Zigbee, Z-Wave and Thread. Finally, it describes the security features of said protocols and compares them with each other, giving advice on whose protocols are more suitable for a secure smart home.Comment: 8 pages, 4 figure

Knowing one’s place : parental educational background influences social identification with academia, test anxiety, and satisfaction with studying at university

First-generation students (i.e., students whose parents did not attend university) often experience difficulties fitting in with the social environment at universities. This experience of personal misfit is supposedly associated with an impaired social identification with their aspired in-group of academics compared to continuing-generation students (i.e., students with at least one parent with an academic degree. In this article, we investigate how the postulated differences in social identification with the group of academics affect first-generation students’ satisfaction with studying and test anxiety over time. We assume that first-generation students’ impaired social identification with the group of academics leads to decreased satisfaction with studying and aggravated test anxiety over the course of the first academic year. In a longitudinal study covering students’ first year at a German university, we found that continuing-generation students consistently identified more strongly with their new in-group of academics than first-generation students. The influence of social identification on test anxiety and satisfaction with studying differed between groups. For continuing-generation students, social identification with the group of academics buffered test anxiety and helped them maintain satisfaction with studying over time. We could not find these direct effects within the group of first-generation students. Instead, first-generation students were more sensitive to effects of test anxiety on satisfaction with studying and vice versa over time. The results suggest that first-generation students might be more sensitive to the anticipation of academic failure. Furthermore, continuing-generation students’ social identification with the group of academics might have buffered them against the impact of negative experiences during the entry phase at university. Taken together, our findings underscore that deficit-driven approaches focusing solely on first-generation status may not be sufficient to fully understand the importance of parental educational background for students’ well-being. More specifically, continuing-generation students might reap benefits from their parental educational background. These benefits widen the social gap in academia in addition to the disadvantages of students with first-generation status. In sum, understanding the benefits of continuing-generation status has important implications for interventions aiming to reduce social class gaps in academia