Articles
Resist the type of BWH attack: through introducing discount factor and withdrawal threshold into Bitcoin
J Surveill Secur Saf 2023;3:35-46. DOI: 10.20517/jsss.2023.07
Abstract
Aim: Since the emergence of the Block Withholding (BWH) attack, the prevailing approach in the environment has been to avoid attacking each other as a means of eliminating the threat posed by this attack. However, there is currently no effective and simple scheme to entirely prevent such attacks. To address this issue, this study proposes a novel blockchain model that combines the discount factor and withdrawal threshold to resist the risks associated with these attacks.
Methods: This paper provides an overview of blockchain models and the BWH attack. We constructed a network simulation model based on the physical logic of Bitcoin and introduced the discount factor and withdrawal threshold as new parameters to enhance the model's resistance to BWH attacks. We evaluated the effect of these parameters on the model's ability to defend against BWH attacks from the perspective of rewards.
Results: This paper presents a novel blockchain model that integrates discount factors and withdrawal thresholds and examines attacker behavior in this model from a rewards-based perspective by comparing different computational environments. Our experimental data indicate that this model has significant advantages in resisting BWH attacks.
Conclusion: The experimental results demonstrate that the proposed model is highly effective in resisting profit-driven BWH attacks, with a 98% chance of successfully resisting such attacks at a fixed computational power. This indicates that the proposed model can effectively eliminate the potential threat posed by BWH attacks.
Original Article | Published on: 11 May 2023
Adaptive mining difficulty for blockchain to resist selfish mining attack
J Surveill Secur Saf 2023;3:14-34. DOI: 10.20517/jsss.2023.05
Abstract
Aim: A blockchain provides data consistency and builds a fair mining environment for a network by using a consensus mechanism such as proof of work (PoW) and proof of stake. However, selfish mining is a well-known mining attack. It can reduce the fairness and destabilize the network, especially for a PoW-based blockchain. Therefore, in this paper, we propose a new approach, named the adaptive mining difficulty adjustment protocol, which can deter a selfish attack.
Methods: We propose using the unit profit as an improved version of the relative revenue, because it is more flexible for calculating the miners’ profits in different periods and can be used to analyze repeated mining games. Based on the unit profit, we propose using the adaptive mining-difficulty adjustment protocol to reduce an attacker’s profit. Our protocol evaluates the effective hash power in a network more accurately and corrects the mining difficulty. Moreover, we introduce the discount factor and model the long-term profit to analyze the impact of a miner’s patience on its future profit.
Results: We used an open-source simulator to simulate the competition between a selfish miner and an honest miner and determined their profits under different protocols. Our experimental results show that our protocol can effectively raise the attack threshold, but it reduces the total network profit if the attacker still attacks. However, the long-term profit model shows that a more patient attacker needs to invest more hash power and pay increased mining costs to maintain its attack.
Conclusion: We conclude that, under our protocol, selfish attackers will tend to become honest miners if their hash power does not exceed the threshold, which means that our protocol can effectively deter selfish attacks and some variants of selfish attacks. Briefly, our protocol can correct the mining difficulty and leads to a more stable and fairer mining environment for a PoW-based blockchain.
Original Article | Published on: 9 May 2023
Towards the creation of the future fish farm
J Surveill Secur Saf 2023;4:1-13. DOI: 10.20517/jsss.2022.16
Abstract
Aim: A fish farm is an area where fish are raised and bred for food. Fish farm environments support the care and management of seafood within a controlled environment. Over the past few decades, there has been a remarkable increase in the calorie intake of protein attributed to seafood. Along with this, there are significant opportunities within the fish farming industry for economic development. Determining the fish diseases, monitoring the aquatic organisms, and examining the imbalance in the water element are some key factors that require precise observation to determine the accuracy of the acquired data. Similarly, due to the rapid expansion of aquaculture, new technologies are constantly being implemented in this sector to enhance efficiency. However, the existing approaches have often failed to provide an efficient method of farming fish.
Methods: This work has kept aside the traditional approaches and opened up new dimensions to perform accurate analysis by adopting distributed ledger technology. Our work analyses the current state-of-the-art of fish farming and proposes a fish farm ecosystem that relies on a private-by-design architecture based on the Hyperledger Fabric private-permissioned distributed ledger technology.
Results: The proposed method puts forward accurate and secure storage of the retrieved data from multiple sensors across the ecosystem so that the adhering entities can exercise their decision based on the acquired data.
Conclusion: This study demonstrates a proof-of-concept to signify the efficiency and usability of the future fish farm.
Original Article | Published on: 1 Jan 2023
Anatomy of attacks on IoT systems: review of attacks, impacts and countermeasures
J Surveill Secur Saf 2022;3:150-73. DOI: 10.20517/jsss.2022.07
Abstract
Aim: The Internet of Things is a disruptive technology that converts physical objects into a constant source of information. Internet-connected devices bridge the gap between the physical and virtual worlds through their data-generating set of sensors. Due to the large-scale proliferation of Internet-of-Things systems into practically every sector of modern life, they have also become the centre of growing cybersecurity threats and attacks. This is exacerbated by the connectivity between different kinds of devices and the lack of standardisation to govern them. The majority of papers on the security of the Internet of Things discuss one attack or threat at a time, which could lead to a fragmented understanding of their overall security posture. The aim of this paper is to provide a concise review of attacks on an Internet-of-Things system, their impacts on IoT assets and possible countermeasures.
Methods: We review the available layered representation and functional components of the Internet of Things. We then identify the system's assets and review the literature on IoT attacks. We categorise these attacks into groups using common classification criteria and map them against the assets they target. We also identify the possible impacts that these attacks could have on an IoT system. We explore a number of security controls that could be deployed to detect or prevent the attacks. Finally, we evaluate these countermeasures against the assets they protect and the impacts they intend to prevent.
Results: To clearly show the security of IoT systems, we identify assets, categorise the different attacks and map them to the different components of an IoT system. Further, we identify the different countermeasures and evaluate their effectiveness against IoT assets and attacks.
Conclusion: The paper provides a clear and concise description of IoT functional components and computational models. It also presents an anatomy of attacks on such a system. In addition, the main assets of a typical IoT system are identified and elaborated. The different types of attacks that can be launched in an IoT environment are categorised and mapped against the different functional components. Further, the different assets are identified and countermeasures are evaluated on their effectiveness to protect them.
Original Article | Published on: 5 Dec 2022
Risk assessment and control selection for cyber-physical systems: a case study on supply chain tracking systems
J Surveill Secur Saf 2022;3:128-49. DOI: 10.20517/jsss.2022.17
Abstract
Aim: The paper proposes a novel risk assessment methodology for complex cyber-physical systems. The proposed methodology may assist risk assessors to: (a) assess the risks deriving from cyber and physical interactions among cyber-physical components; and (b) prioritize the control selection process for mitigating these risks.
Methods: To achieve this, we combine and modify appropriately two recent risk assessment methodologies targeted to cyber physical systems and interactions, as underlying building blocks. By applying the existing methodology, we enable the utilization of well-known software vulnerability taxonomies, to extract vulnerability and impact submetrics for all the interactions among the system components. These metrics are then fed to the risk analysis phase in order to assess the overall cyber-physical risks and to prioritize the list of potential mitigation controls.
Results: To validate the applicability and efficiency of the proposed methodology, we apply it in a realistic scenario involving supply chain tracking systems.
Conclusion: Our results show that the proposed methodology can be effectively applied to capture the risks deriving from cyber and physical interactions among system components in realistic application scenarios, while for large scale networks further testing should be carried out.
Original Article | Published on: 28 Oct 2022
Evaluating the performance of post-quantum secure algorithms in the TLS protocol
J Surveill Secur Saf 2022;3:101-27. DOI: 10.20517/jsss.2022.15
Abstract
Aim: The imminent advent of large-scale quantum computers within the next years is expected to highly affect the security of several cryptosystems that are now considered secure; this mainly holds for classical, long-established, public key cryptographic algorithms such as RSA and elliptic curve cryptography. Apparently, any security protocol that relies on such ciphers, including the transport layer security (TLS) protocol which constitutes a somewhat de facto standard for the security on the web, will not be considered secure in the post-quantum era. To alleviate the security risks stemming from quantum computing, several proposals have been submitted to the relevant procedure initiated by NIST towards evaluating and standardizing one or more quantum-resistant public-key cryptographic algorithms. This paper focuses on embedding post-quantum secure cryptographic algorithms into the TLS protocol to analyze its performance. More precisely, the paper aims to analyze whether this transition to post-quantum secure algorithms will have a significant impact on the user experience due to the possible increase of client--server communication times.
Methods: Having as the starting point several important works in the field, several experiments were carried out, using combinations of cloud and local virtual machines per case and considering all the post-quantum cryptographic algorithm finalists for key exchange from the third round of the ongoing NIST process, for various cryptographic as well as network parameters.
Results: Our results exhibit that, for key exchange in TLS, the best performance among the post-quantum secure ciphers is achieved by the Saber and CRYSTALS-Kyber variants for all security levels, regardless of the underlying computing power. The performance is comparable to that of the corresponding one achieved by a classical elliptic curve algorithm for key exchange for both RTT and packet loss ratio, i.e., the network parameters seem to have the same effect on post-quantum secure algorithms as in the case of a conventional elliptic curve algorithm. However, the effect of the network parameters on the performance is more crucial than the effect of the underlying chosen ciphers.
Conclusion: According to the experiments, we conclude that there exist very promising algorithms that could be utilized in TLS in the near future, which may behave even better than the conventional elliptic curve algorithms for key exchange. It should also be pointed out that NIST announced on 5 July 2022 (i.e., after the completion of our research experiments) that, for general encryption used when we access secure websites, the CRYSTALS-Kyber algorithm has been selected, having as one of its advantages the speed of operation. Hence, the results of our paper are fully in line with the progress of the NIST process. Taking into account that the NIST process is still ongoing (now in its fourth round) with the aim to select more algorithms, as well as that some algorithms may be standardized outside NIST, it becomes evident that our results provide very useful insights on performance aspects of the post-quantum secure algorithms.
Original Article | Published on: 29 Sep 2022
Most Cited Papers In Last Two Years
Revisiting three anonymous two-factor authentication schemes for roaming service in global mobility networks
J Surveill Secur Saf 2021;2:66-82. DOI: 10.20517/jsss.2020.28
Abstract
Designing a secure and efficient anonymous authentication protocol for roaming services in global mobile networks is a hot topic in the field of information security protocols. Based on the widely accepted attacker model, this paper analyzes the security of three representative anonymous authentication protocols in global mobile networks. It is pointed out that: (1) Xu et al.’s protocol cannot resist the claimed offline password guessing attack and mobile user impersonation attack, and does not achieve mobile user untraceability and forward security; (2) Gupta et al.’s protocol cannot resist offline password guessing attacks, and temporary information disclosure attacks; (3) Madhusudhan et al.’s protocol cannot resist mobile user impersonation attack, foreign agent impersonation attack, replay attack, offline password guessing attack and session key disclosure attack, and cannot realize the anonymity and untraceability and forward security of users. It is emphasized that the fundamental reason for the failure of these protocols lies in the violation of the four basic principles of protocol design: Public key principle, Forward security principle, User anonymity principle and Anti offline guessing attack principle. The specific mistakes of these schemes are clarified, and the corresponding correction methods are proposed.
Review | Published on: 29 Jun 2021
A comprehensive survey of fingerprint presentation attack detection
J Surveill Secur Saf 2021;2:117-61. DOI: 10.20517/jsss.2021.07
Abstract
Nowadays, the number of people that utilize either digital applications or machines is increasing exponentially. Therefore, trustworthy verification schemes are required to ensure security and to authenticate the identity of an individual. Since traditional passwords have become more vulnerable to attack, the need to adopt new verification schemes is now compulsory. Biometric traits have gained significant interest in this area in recent years due to their uniqueness, ease of use and development, user convenience and security. Biometric traits cannot be borrowed, stolen or forgotten like traditional passwords or RFID cards. Fingerprints represent one of the most utilized biometric factors. In contrast to popular opinion, fingerprint recognition is not an inviolable technique. Given that biometric authentication systems are now widely employed, fingerprint presentation attack detection has become crucial. In this review, we investigate fingerprint presentation attack detection by highlighting the recent advances in this field and addressing all the disadvantages of the utilization of fingerprints as a biometric authentication factor. Both hardware- and software-based state-of-the-art methods are thoroughly presented and analyzed for identifying real fingerprints from artificial ones to help researchers to design more secure biometric systems.
Review | Published on: 27 Oct 2021
A security study of Bluetooth-powered robot toy
J Surveill Secur Saf 2021;2:26-41. DOI: 10.20517/jsss.2020.17
Abstract
Aim: A smart toy robot has its intellect with circuits on board. It has a built-in microprocessor, sensors of one or more types, a mechanical system including moving parts, and some firmware to control and tie the parts together. The embedded sensors and devices help to create their functionality. These devices include wireless communication for data transfer. One such device for wireless communication is Bluetooth, which can be dangerous due to attack vulnerabilities, especially on Bluetooth Low Energy (BLE) devices.
Methods: In addition to discovering vulnerabilities in Bluetooth communication, common issues have been identified, including related attacks, threats, malware, and vulnerabilities. To identify specific attacks for Bluetooth devices used in smart toys, this study adopted Qoopers, a robot capable of integrating different devices into its model. Qoopers was tested using security frameworks to simulate attacks.
Results: We found that devices with BLE are more susceptible to attack. Qoopers was exposed to security frameworks used in restricted conditions, demonstrating that they can be hacked using a man-in-the-middle (MITM) attack and eavesdropping on data transfer. This paper also discusses solutions to prevent Bluetooth attacks.
Conclusion: Bluetooth communication is vulnerable to different attacks, including MITM. This happens even with the Qoopers robot when it is reprogrammed with customized applications with less security. These smart toy robots are used mainly by children under 16, who can make mistakes by ignoring security, focusing only on functionality, increasing the risk of personal information theft and other threats.
Original Article | Published on: 25 Feb 2021
A data-centric approach to the study of system-level prognostics for cyber physical systems: application to safe UAV operations
J Surveill Secur Saf 2022;3:55-87. DOI: 10.20517/jsss.2022.04
Abstract
Maintaining safe operations in cyber physical systems is a complex task that must account for system degradation over time, since unexpected failures can result in the loss of life and property. Operational failures may be attributed to component degradation and disturbances in the environment that adversely impact system performance. Components in a CPS typically degrade at different rates, and, therefore, require continual monitoring to avoid unexpected failures. Moreover, the effects of multiple degrading components on system performance may be hard to predict. Developing and maintaining accurate physics-based system models can be expensive. Typically, it is infeasible to run a true system to failure, so researchers and practitioners have resorted to using data-driven techniques to better evaluate the effect of degrading components on overall system performance. However, sufficiently organized datasets of system operation are not readily available; the output of existing simulations is not organized to facilitate the use of data-driven machine learning techniques for prognostics. As a step toward addressing this problem, in this paper, we develop a data management framework and an end-to-end simulation testbed to generate such data. The framework facilitates the development and comparison of various system-level prognostics algorithms. We adopt a standard data-centered design methodology, combined with a model based engineering approach, to create a data management framework that addresses data integrity problems and facilitates the generation of reproducible results. We present an ontological design methodology centered around assets, processes, and data, and, as a proof of concept, develop an unmanned aerial vehicle (UAV) system operations database that captures operational data for UAVs with multiple degrading components operating in uncertain environments.
Aim: The purpose of this work is to provide a systematic approach to data generation, curation, and storage that supports studies in fault management and system-level prognostics for real-world and simulated operations. We use a data-driven simulation-based approach to enable reliable and reproducible studies in system-level prognostics. This is accomplished with a data management methodology that enforces constraints on data types and interfaces, and decouples various parts of the simulation to enable proper links with related metadata. The goal is to provide a framework that facilitates data analysis and the development of data-driven models for prognostics using machine learning methods. We discuss the importance of a systematic data management framework to support data generation with a simulation environment that generates operational data. We describe a standard framework for data management in the context of run-to-failure simulations, and develop a database schema and an API in MATLAB® and Python to support system-level prognostics analyses.
Methods: A systematic approach to defining a data management framework for the study of prognostics applications is a central piece of this work. A second important contribution is the design of a Monte Carlo simulation environment to generate run to failure data for CPS with multiple degrading components. We adopt a bottom-up approach, starting with requirements and specifications, then move into functionality and constraints. With this framework, we use a Monte-Carlo simulation approach to generate data for developing and testing a variety of system-level prognostics algorithms.
Results: We have developed a data management framework that can handle high dimensional and complex data generated from real or simulated systems for the study of prognostics. In this paper, we show the advantages of a well-organized data management framework for tracking high-fidelity data with high confidence for complex, dynamic CPS. Such frameworks impose data logging discipline and facilitate downstream uses for developing and comparing different data-driven monitoring, diagnostics, and system-level prognostics algorithms.
Conclusions: In this paper, we demonstrate the design, development, and use of an asset, process, and data management framework for the research to develop prognostics & health management applications. This work helps fill a gap for system-level remaining useful life studies by providing a comprehensive simulation environment that can generate run to failure data, and a data management architecture that addresses the needs for system-level prognostics research. The framework is demonstrated with a Monte-Carlo simulation of a UAV system that operates multiple flights under different environmental conditions and degradation sources. This architecture for data management will enable researchers to conduct more complex experiments for a variety of cyber physical systems applications.
Original Article | Published on: 30 Jun 2022
About The Journal
ISSN
2694-1015 (Online)
Publisher
OAE Publishing Inc.
Article Processing Charges
$1200
Editor-in-Chief
Sitharama Iyengar Sundaraja
Publishing Model
Gold Open Access
Copyright
Copyright is retained by author(s)
Publication Frequency
Quarterly
Indexing
Open Archives
Portico
All published articles are preserved here permanently:
https://www.portico.org/publishers/oae/