Articles
-
Towards the creation of the future fish farm
J Surveill Secur Saf 2023;4:1-13. DOI: 10.20517/jsss.2022.16AbstractAim: A fish farm is an area where fish are raised and bred for food. ... MOREAim: A fish farm is an area where fish are raised and bred for food. Fish farm environments support the care and management of seafood within a controlled environment. Over the past few decades, there has been a remarkable increase in the calorie intake of protein attributed to seafood. Along with this, there are significant opportunities within the fish farming industry for economic development. Determining the fish diseases, monitoring the aquatic organisms, and examining the imbalance in the water element are some key factors that require precise observation to determine the accuracy of the acquired data. Similarly, due to the rapid expansion of aquaculture, new technologies are constantly being implemented in this sector to enhance efficiency. However, the existing approaches have often failed to provide an efficient method of farming fish.Methods: This work has kept aside the traditional approaches and opened up new dimensions to perform accurate analysis by adopting distributed ledger technology. Our work analyses the current state-of-the-art of fish farming and proposes a fish farm ecosystem that relies on a private-by-design architecture based on the Hyperledger Fabric private-permissioned distributed ledger technology.Results: The proposed method puts forward accurate and secure storage of the retrieved data from multiple sensors across the ecosystem so that the adhering entities can exercise their decision based on the acquired data.Conclusion: This study demonstrates a proof-of-concept to signify the efficiency and usability of the future fish farm. LESS Full articleOriginal Article|Published on: 1 Jan 2023 -
Anatomy of attacks on IoT systems: review of attacks, impacts and countermeasures
J Surveill Secur Saf 2022;3:150-73. DOI: 10.20517/jsss.2022.07AbstractAim: The Internet of Things is a disruptive technology that converts physical objects into a ... MOREAim: The Internet of Things is a disruptive technology that converts physical objects into a constant source of information. Internet-connected devices bridge the gap between the physical and virtual worlds through their data-generating set of sensors. Due to the large-scale proliferation of Internet-of-Things systems into practically every sector of modern life, they have also become the centre of growing cybersecurity threats and attacks. This is exacerbated by the connectivity between different kinds of devices and the lack of standardisation to govern them. The majority of papers on the security of the Internet of Things discuss one attack or threat at a time, which could lead to a fragmented understanding of their overall security posture. The aim of this paper is to provide a concise review of attacks on an Internet-of-Things system, their impacts on IoT assets and possible countermeasures.Methods: We review the available layered representation and functional components of the Internet of Things. We then identify the system's assets and review the literature on IoT attacks. We categorise these attacks into groups using common classification criteria and map them against the assets they target. We also identify the possible impacts that these attacks could have on an IoT system. We explore a number of security controls that could be deployed to detect or prevent the attacks. Finally, we evaluate these countermeasures against the assets they protect and the impacts they intend to prevent.Results: To clearly show the security of IoT systems, we identify assets, categorise the different attacks and map them to the different components of an IoT system. Further, we identify the different countermeasures and evaluate their effectiveness against IoT assets and attacks.Conclusion: The paper provides a clear and concise description of IoT functional components and computational models. It also presents an anatomy of attacks on such a system. In addition, the main assets of a typical IoT system are identified and elaborated. The different types of attacks that can be launched in an IoT environment are categorised and mapped against the different functional components. Further, the different assets are identified and countermeasures are evaluated on their effectiveness to protect them. LESS Full articleOriginal Article|Published on: 5 Dec 2022 -
Risk assessment and control selection for cyber-physical systems: a case study on supply chain tracking systems
J Surveill Secur Saf 2022;3:128-49. DOI: 10.20517/jsss.2022.17AbstractAim: The paper proposes a novel risk assessment method ology for complex cyber-physical systems: ... MOREAim: The paper proposes a novel risk assessment method ology for complex cyber-physical systems: The proposed method ology may assist risk assessors to: (a) assess the risks deriving from cyber and physical interactions among cyber-physical components; and (b) prioritize the control selection process for mitigating these risks.Methods: To achieve this, we combine and modify appropriately two recent risk assessment method ologies targeted to cyber physical systems and interactions, as underlying building blocks. By applying the existing method ology, we enable the utilization of well-known software vulnerability taxonomies, to extract vulnerability and impact submetrics for all the interactions among the system components. These metrics are then fed to the risk analysis phase in order to assess the overall cyber-physical risks and to prioritize the list of potential mitigation controls.Results: To validate the applicability and efficiency of the proposed method ology, we apply it in a realistic scenario involving supply chain tracking systems.Conclusion: Our results show that the proposed method ology can be effectively applied to capture the risks deriving from cyber and physical interactions among system components in realistic application scenarios, while for large scale networks further testing should be carried out. LESS Full articleOriginal Article|Published on: 28 Oct 2022 -
Evaluating the performance of post-quantum secure algorithms in the TLS protocol
J Surveill Secur Saf 2022;3:101-27. DOI: 10.20517/jsss.2022.15AbstractAim: The imminent advent of large-scale quantum computers within the next years is expected to ... MOREAim: The imminent advent of large-scale quantum computers within the next years is expected to highly affect the security of several cryptosystems that are now considered secure; this mainly holds for classical, long-established, public key cryptographic algorithms such as RSA and elliptic curve cryptography. Apparently, any security protocol that relies on such ciphers, including the transport layer security (TLS) protocol which constitutes a somewhat de facto standard for the security on the web, will not be considered secure in the post-quantum era. To alleviate the security risks stemming from quantum computing, several proposals have been submitted to the relevant procedure initiated by NIST towards evaluating and standardizing one or more quantum-resistant public-key cryptographic algorithms. This paper focuses on embedding post-quantum secure cryptographic algorithms into the TLS protocol to analyze its performance. More precisely, the paper aims to analyze whether this transition to post-quantum secure algorithms will have a significant impact on the user experience due to the possible increase of client--server communication times.Methods: Having as the starting point several important works in the field, several experiments were carried out, using combinations of cloud and local virtual machines per case and considering all the post-quantum cryptographic algorithm finalists for key exchange from the third round of the ongoing NIST process, for various cryptographic as well as network parameters.Results: Our results exhibit that, for key exchange in TLS, the best performance among the post-quantum secure ciphers is achieved by the Saber and CRYSTAL-Kyber variants for all security levels, regardless of the underlying computing power. The performance is comparable to that of the corresponding one achieved by a classical elliptic curve algorithm for key exchange for both RTT and packet loss ratio — i.e., the network parameters seem to have the same effect on post-quantum secure algorithms as in the case of a conventional elliptic curve algorithm. However, the effect of the network parameters on the performance is more crucial than the effect of the underlying chosen ciphers.Conclusion: According to the experiments, we conclude that there exist very promising algorithms that could be utilized in TLS in the near future, which may behave even better than the conventional elliptic curve algorithms for key exchange. It should also be pointed out that NIST announced on 5 July 2022 (i.e., after the completion of our research experiments) that, for general encryption used when we access secure websites, the CRYSTALS-Kyber algorithm has been selected, having as one of its advantages the speed of operation. Hence, the results of our paper are fully in line with the progress of the NIST process. Taking into account that the NIST process is still ongoing (now in its fourth round) with the aim to select more algorithms, as well as that some algorithms may be standardized outside NIST, it becomes evident that our results provide very useful insights on performance aspects of the post-quantum secure algorithms. LESS Full articleOriginal Article|Published on: 29 Sep 2022 -
A comparison study to detect seam carving forgery in JPEG images with deep learning models
J Surveill Secur Saf 2022;3:88-100. DOI: 10.20517/jsss.2022.02AbstractAim: Although deep learning has been applied in image forgery detection, to our knowledge, it ... MOREAim: Although deep learning has been applied in image forgery detection, to our knowledge, it still falls short of a comprehensive comparison study in detecting seam-carving images in multimedia forensics by comparing the popular deep learning models, which is addressed in this study.Methods: To investigate the performance in detecting seam-carving-based image forgery with popular deep learning models that were used in image forensics, we compared nine different deep learning models in detecting untouched JPEG images, seam-insertion images, and seam removal images (three-class classification), and in distinguishing modified seam-carving images from untouched JPEG images (binary classification). We also investigate the different learning algorithms with the Efficientnet-B5 in adjusting the learning rate with three popular optimizers in deep learning.Results: Our study shows that EfficientNet performs the best among the nine different deep learning frameworks, followed by SRnet, and LFnet. Different algorithms for adjusting the learning rate result in different detection testing accuracy with Efficientnet-B5. In our experiments, decouples the optimal choice of weight decay factor from the setting of the learning rate (AdamW) is generally superior to Adaptive Moment Estimation (Adam) and Stochastic Gradient Descent (SGD). Our study also indicates that deep learning is very promising for image forensics, such as the detection of image forgery.Conclusion: Deep learning is very promising in image forensics that is hardly discernable to human perceptions, but the performance varies over different learning models and frameworks. In addition to the models, the optimizer has a considerable impact on the final detection performance. We would recommend EfficientNet, LFnet and SRnet for seam-carving detection. LESS Full articleOriginal Article|Published on: 24 Aug 2022 -
A data-centric approach to the study of system-level prognostics for cyber physical systems: application to safe UAV operations
J Surveill Secur Saf 2022;3:55-87. DOI: 10.20517/jsss.2022.04AbstractMaintaining safe operations in cyber physical systems is a complex task that must account for ... MOREMaintaining safe operations in cyber physical systems is a complex task that must account for system degradation over time, since unexpected failures can result in the loss of life and property. Operational failures may be attributed to component degradation and disturbances in the environment that adversely impact system performance. Components in a CPS typically degrade at different rates, and, therefore, require continual monitoring to avoid unexpected failures. Moreover, the effects of multiple degrading components on system performance may be hard to predict. Developing and maintaining accurate physics-based system models can be expensive. Typically, it is infeasible to run a true system to failure, so researchers and practitioners have resorted to using data-driven techniques to better evaluate the effect of degrading components on overall system performance. However, sufficiently organized datasets of system operation are not readily available; the output of existing simulations is not organized to facilitate the use of data-driven machine learning techniques for prognostics. As a step toward addressing this problem, in this paper, we develop a data management framework and an end-to-end simulation testbed to generate such data. The framework facilitates the development and comparison of various system-level prognostics algorithms. We adopt a standard data-centered design methodology, combined with a model based engineering approach, to create a data management framework that address data integrity problems and facilitates the generation of reproducible results. We present an ontological design methodology centered around assets, processes, and data, and, as a proof of concept, develop an unmanned aerial vehicle (UAV) system operations database that captures operational data for UAVs with multiple degrading components operating in uncertain environments.Aim: The purpose of this work is to provide a systematic approach to data generation, curation, and storage that supports studies in fault management and system-level prognostics for real-world and simulated operations. We use a data-driven simulation-based approach to enable reliable and reproducible studies in system-level prognostics. This is accomplished with a data management methodology that enforces constraints on data types and interfaces, and decouples various parts of the simulation to enable proper links with related metadata. The goal is to provide a framework that facilitates data analysis and the development of data-driven models for prognostics using machine learning methods. We discuss the importance of systematic data management framework to support data generation with a simulation environment that generates operational data. We describe a standard framework for data management in the context of run-to-failure simulations, and develop a database schema and an API in MATLAB® and Python to support system-level prognostics analyses.Methods: A systematic approach to defining a data management framework for the study of prognostics applications is a central piece of this work. A second important contribution is the design of a Monte Carlo simulation environment to generate run to failure data for CPS with multiple degrading components. We adopt a bottom-up approach, starting with requirements and specifications, then move into functionality and constraints. With this framework, we use a Monte-Carlo simulation approach to generate data for developing and testing a variety of system-level prognostics algorithms.Results: We have developed a data management framework that can handle high dimensional and complex data generated from real or simulated systems for the study of prognostics. In this paper, we show the advantages of a well-organized data management framework for tracking high-fidelity data with high confidence for complex, dynamic CPS. Such frameworks impose data logging discipline and facilitate downstream uses for developing and comparing different data-driven monitoring, diagnostics, and system-level prognostics algorithms.Conclusions: In this paper, we demonstrate the design, development, and use of an asset, process, and data management framework for the research to develop prognostics & health management applications. This work helps fill a gap for system-level remaining useful life studies by providing a comprehensive simulation environment that can generate run to failure data, and a data management architecture that addresses the needs for system-level prognostics research. The framework is demonstrated with a Monte-Carlo simulation of a UAV system that operates multiple flights under different environmental conditions and degradation sources. This architecture for data management will enable researchers to conduct more complex experiments for a variety of cyber physical systems applications. LESS Full articleOriginal Article|Published on: 30 Jun 2022
See more
Most Cited Papers In Last Two Years
-
Revisiting three anonymous two-factor authentication schemes for roaming service in global mobility networks
J Surveill Secur Saf 2021;2:66-82. DOI: 10.20517/jsss.2020.28AbstractDesigning a secure and efficient anonymous authentication protocol for roaming services in global mobile networks ... MOREDesigning a secure and efficient anonymous authentication protocol for roaming services in global mobile networks is a hot topic in the field of information security protocols. Based on the widely accepted attacker model, this paper analyzes the security of three representative anonymous authentication protocols in global mobile networks. It is pointed out that: (1) Xu et al.’s protocol cannot resist the claimed offline password guessing attack and mobile user impersonation attack, and do not achieve mobile user untraceability and forward security; (2) Gupta et al.’s protocol cannot resist offline password guessing attacks, and temporary information disclosure attacks; (3) Madhusudhan et al.’s protocol cannot resist mobile user impersonation attack, foreign agent impersonation attack, replay attack, offline password guessing attack and session key disclosure attack, and cannot realize the anonymity and untraceability and forward security of users. It is emphasized that the fundamental reason for the failure of these protocols lies in the violation of the four basic principles of protocol design: Public key principle, Forward security principle, User anonymity principle and Anti offline guessing attack principle. The specific mistakes of these schemes are clarified, and the corresponding correction methods are proposed. LESS Full articleReview|Published on: 29 Jun 2021 -
A comprehensive survey of fingerprint presentation attack detection
J Surveill Secur Saf 2021;2:117-61. DOI: 10.20517/jsss.2021.07AbstractNowadays, the number of people that utilize either digital applications or machines is increasing exponentially. ... MORENowadays, the number of people that utilize either digital applications or machines is increasing exponentially. Therefore, trustworthy verification schemes are required to ensure security and to authenticate the identity of an individual. Since traditional passwords have become more vulnerable to attack, the need to adopt new verification schemes is now compulsory. Biometric traits have gained significant interest in this area in recent years due to their uniqueness, ease of use and development, user convenience and security. Biometric traits cannot be borrowed, stolen or forgotten like traditional passwords or RFID cards. Fingerprints represent one of the most utilized biometric factors. In contrast to popular opinion, fingerprint recognition is not an inviolable technique. Given that biometric authentication systems are now widely employed, fingerprint presentation attack detection has become crucial. In this review, we investigate fingerprint presentation attack detection by highlighting the recent advances in this field and addressing all the disadvantages of the utilization of fingerprints as a biometric authentication factor. Both hardware- and software-based state-of-the-art methods are thoroughly presented and analyzed for identifying real fingerprints from artificial ones to help researchers to design securer biometric systems. LESS Full articleReview|Published on: 27 Oct 2021 -
Advanced fault-tolerant visual multi-secret sharing scheme
J Surveill Secur Saf 2022;3:41-54. DOI: 10.20517/jsss.2021.29AbstractAim: In visual cryptography, a secret image is encrypted into two meaningless random images called ... MOREAim: In visual cryptography, a secret image is encrypted into two meaningless random images called shares. These two shares can be stacked to recover the secret image without any calculations. However, because of the alignment problem in the decryption phase, risk of poor quality of the restored image exists. Encrypting multiple secrets on two images simultaneously can improve execution efficiency.Methods: Let 7 × 7 pixels be a unit; this paper designs a codebook for any unit in the secret images by using a random grid. Besides, this paper shows a general shifting approach that can embed N (≥ 2) secret images simultaneously with adjustable distortion.Results: This paper provides a visual multi-secret sharing scheme without pixel expansion; the proposed scheme can encrypt more than two secret images into two shares simultaneously. During decoding, aligning the shares precisely is not necessary.Conclusion: Theoretical analysis and simulation results indicate the effectiveness and practicality of the proposed scheme. LESS Full articleOriginal Article|Published on: 20 May 2022 -
Residual energy-based clustering in UAV-aided wireless sensor networks for surveillance and monitoring applications
J Surveill Secur Saf 2021;2:103-16. DOI: 10.20517/jsss.2020.23AbstractAim: Unmanned aerial vehicle (UAV)-aided wireless sensor networks (WSNs) are effectively used for surveillance, monitoring, ... MOREAim: Unmanned aerial vehicle (UAV)-aided wireless sensor networks (WSNs) are effectively used for surveillance, monitoring, and rescue applications in military and commercial domains. In UAV-aided WSNs (UWSNs), efficient data gathered from sensor nodes are desired to enhance network performance. However, communication between UAV and sensor nodes is challenging due to the high mobility of the UAV and a large number of sensor nodes. Clustering in UWSNs limits the number of sensor nodes communicating with the UAV, i.e., only the cluster head in a cluster can transmit the sensed data to the UAV, which reduces collision probability.Methods: In this paper, we propose a residual energy-based clustering algorithm for sensor-to-UAV communication in UWSNs. The cluster size and the number of sensor nodes in a cluster are determined on the basis of the residual energy of the sensor nodes. The performance of the proposed algorithm is evaluated by using the MATLAB simulator and then compared with that of the conventional clustering algorithm.Results: According to our extensive simulation results, the proposed clustering scheme significantly outperforms the conventional one in terms of network lifetime and data delivery ratio.Conclusion: Hence, through our studies and simulations, it can be assured that the network lifetime of UWSNs can be prolonged and the throughput of the network can also be elevated by controlling the early death of sensor nodes due to the uneven energy consumptions. We will come up with further analysis and validation of our work in the future. LESS Full articleOriginal Article|Published on: 28 Sep 2021
See more
About The Journal
-
ISSN
2694-1015 (Online)
Publisher
OAE Publishing Inc.
Article Processing Charges
$600
-
Editor-in-Chief
Sitharama Iyengar Sundaraja
Publishing Model
Gold Open Access
Copyright
Copyright is retained by author(s)
-
Publication Frequency
Quarterly
Indexing
Open Archives
-
Portico
All published articles are preserved here permanently:
https://www.portico.org/publishers/oae/