17 research outputs found

    Education in Cyber Physical Systems Security: The Case of Connected Autonomous Vehicles

    The automotive industry is a dynamic industry that is constantly evolving with advances in technology. As cars become more technology-dependent, the threat landscape grows and the likelihood of a cyber-attack increases as issues arise. With the introduction of automation and increased use of embedded systems and infotainment systems, modern cars have become a pillar piece of the Internet of Things network. This research details an in-depth study into the vulnerabilities and risks surrounding the current and future state of the automotive industry and highlights the most safety-critical components of the modern car, providing a holistic threat landscape to improve security awareness and posture regarding automotive security. It also demonstrates the utilisation of this analysis through the integration of an education package built on top of a hardware module based on a Raspberry Pi, which emulates its own CAN Bus network that individuals can interact with as if it were a vehicle, to provide education on CAN hacking. This device has the potential to be attached to education ranges and labs, which can help educate individuals on different security skills and improve security awareness and knowledge.

    Distributed and biometric signature-based identity proofing system for the maritime sector

    The maritime sector is an industry that faces significant and various challenges related to cyber security and data management, such as fraud and user authentication. Therefore, there is a need for a secure solution that can effectively manage data transactions while resolving digital identity. A biometric signature application in blockchain for fighting fraud and fake identities may provide a solution in the maritime sector. This research proposes a biometric signature and an IPFS network-blockchain framework to address these challenges. This paper also discusses the proposed framework's cyber security challenges that threaten behavioral biometric security

    Age and gender as cyber attribution features in keystroke dynamic-based user classification processes.

    Keystroke dynamics are used to authenticate users, to reveal some of their inherent or acquired characteristics and to assess their mental and physical states. The most common features utilized are the time intervals that the keys remain pressed and the time intervals that are required to use two consecutive keys. This paper examines which of these features are the most important and how utilization of these features can lead to better classification results. To achieve this, an existing dataset consisting of 387 logfiles is used, five classifiers are exploited and users are classified by gender and age. The results, while demonstrating the application of these two characteristics jointly on classifiers with high accuracy, answer the question of which keystroke dynamics features are more appropriate for classification with common classifiers

    Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System.

    This research demonstrates a design of an experiment of a hacker infiltrating a server where it is assumed that the communication between the hacker and the target server is established, and the hacker also escalated his rights on the server. Therefore, the honeypot server setup has been designed to reveal the correlation of a hacker’s actions with that of the hacker’s experience, personality, expertise, and psychology. To the best of our knowledge, such a design of experiment has never been tested rigorously on a honeypot implementation except for self-reporting tests applied to hackers in the literature. However, no study evaluates the actual data of these hackers and these tests. This study also provides a honeypot design to understand the personality and expertise of the hacker and displays the correlation of these data with the tests. Our Honeypsy system is composed of a Big-5 personality test, a cyber expertise test, and a capture-the-flag (CTF) event to collect logs with honeypot applied in this sequence. These three steps generate data on the expertise and psychology of known cyber hackers. The logs of the known hacker activities on honeypots are obtained through the CTF event that they have participated in. The design and deployment of a honeypot, as well as the CTF event, were specifically prepared for this research. Our aim is to predict an unknown hacker's expertise and personality by analyzing these data. By examining/analyzing the data of the known hackers, it is now possible to make predictions about the expertise and personality of the unknown hackers. The same logic applies when one tries to predict the next move of the unknown hackers attacking the server. We have aimed to underline the details of the personalities and expertise of hackers and thus help the defense experts of victimized institutions to develop their cyber defense strategies in accordance with the modus operandi of the hackers

    An information geometrical evaluation of Shannon information metrics on a discrete n-dimensional digital manifold

    The definition and nature of information have perplexed scientists due to its dual nature in measurements. The information is discrete and continuous when evaluated on a metric scale, and the Laplace-Beltrami operator and Gauss-Bonnet Theorem can map one to another. On the other hand, defining the information as a discrete entity on the surface area of an n-dimensional discrete digital manifold provides a unique way of calculating the entropy of a manifold. The software simulation shows that the surface area of the discrete n-dimensional digital manifold is an effectively computable function. Moreover, it also provides the information-geometrical evaluation of Shannon information metrics

    Privacy Goals for the Data Lifecycle

    The introduction of Data Protection by Default and Design (DPbDD), brought in as part of the General Data Protection Regulation (GDPR) in 2018, has necessitated that businesses review how best to incorporate privacy into their processes in a transparent manner, so as to build trust and improve decisions around privacy best practice. To address this issue, this paper presents a 7-stage data lifecycle, supported by nine privacy goals that together will help practitioners manage data holdings throughout the data lifecycle. The resulting data lifecycle (7-DL) was created as part of the Ideal-Cities project, a Horizon-2020 Smart-city initiative that seeks to facilitate data re-use and/or repurposing. We evaluate 7-DL through peer review and an exemplar worked example that applies the data lifecycle to a real-time life logging fire incident scenario, one of the Ideal-Cities use cases, to demonstrate the applicability of the framework.

    Investigating IPTV Malware in the Wild

    Technologies providing copyright-infringing IPTV content are commonly used as an illegal alternative to legal IPTV subscriptions and services, as they usually have lower monetary costs and can be more convenient for users who follow content from different sources. These infringing IPTV technologies may include websites, software, software add-ons, and physical set-top boxes. Due to the free or low cost of illegal IPTV technologies, illicit IPTV content providers will often resort to intrusive advertising, scams, and the distribution of malware to increase their revenue. We developed an automated solution for collecting and analysing malware from illegal IPTV technologies and used it to analyse a sample of illicit IPTV websites, application (app) stores, and software. Our results show that our IPTV Technologies Malware Analysis Framework (IITMAF) classified 32 of the 60 sample URLs tested as malicious compared to running the same test using publicly available online antivirus solutions, which only detected 23 of the 60 sample URLs as malicious. Moreover, the IITMAF also detected malicious URLs and files from 31 of the sample’s websites, one of which had reported ransomware behaviour

    Data Sanitisation and Redaction for Cyber Threat Intelligence Sharing Platforms

    The recent technological advances and the recent changes in the daily human activities increased the production and sharing of data. In the ecosystem of interconnected systems, data can be circulated among systems for various reasons. This could lead to exchange of private or sensitive information between entities. Data Sanitisation involves processes and practices that remove sensitive and private information from documents before sharing them with entities that should not be exposed to the removed information. This paper presents the design and development of a data sanitisation and redaction solution for a Cyber Threat Intelligence sharing platform. The Data Sanitisation and Redaction Plugin has been designed with the purpose of operating as a plugin for the ECHO Project’s Early Warning System platform and enhancing its operative capabilities during information sharing. This plugin aims to provide automated security and privacy-based controls to the concept of CTI sharing over a ticketing system. The plugin has been successfully tested and the results are presented in this paper

    On the assessment of completeness and timeliness of actionable cyber threat intelligence artefacts

    In this paper we propose an approach for hunting adversarial tactics, techniques and procedures (TTPs) by leveraging information described in structured cyber threat intelligence (CTI) models. We focused on the properties of timeliness and completeness of CTI indicators to drive the discovery of TTPs placed highly on the so-called Pyramid of Pain (PoP). We used the unit42 playbooks dataset to evaluate the proposed approach and illustrate the limitations and opportunities of a systematic intelligence sharing process for high-pain TTP discovery.

    Trust and quality computation for cyber threat intelligence sharing platforms

    Information sharing has been considered a critical solution against the ever-increasing complexity of cyber-attacks. In this effort Cyber Threat Intelligence is undergoing a process of increasing its maturity levels. The quantification of the quality of shared information and the assessment of trust amongst information sharing entities is an important part of the process. The Trust and Quality Tool has been designed as a tool with the aim of improving the trust in the relevancy of shared information by enabling an option to assess its trustworthiness and defining a set of metrics for trust and quality