With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology,the new cloud manufacturing system(NCMS)built on the connotation of cloud manufacturing 3.0 pre...With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology,the new cloud manufacturing system(NCMS)built on the connotation of cloud manufacturing 3.0 presents a new business model of“Internet of everything,intelligent leading,data driving,shared services,cross-border integration,and universal innovation”.The network boundaries are becoming increasingly blurred,NCMS is facing security risks such as equipment unauthorized use,account theft,static and extensive access control policies,unauthorized access,supply chain attacks,sensitive data leaks,and industrial control vulnerability attacks.Traditional security architectures mainly use information security technology,which cannot meet the active security protection requirements of NCMS.In order to solve the above problems,this paper proposes an integrated cloud-edge-terminal security system architecture of NCMS.It adopts the zero trust concept and effectively integrates multiple security capabilities such as network,equipment,cloud computing environment,application,identity,and data.It adopts a new access control mode of“continuous verification+dynamic authorization”,classified access control mechanisms such as attribute-based access control,rolebased access control,policy-based access control,and a new data security protection system based on blockchain,achieving“trustworthy subject identity,controllable access behavior,and effective protection of subject and object resources”.This architecture provides an active security protection method for NCMS in the digital transformation of large enterprises,and can effectively enhance network security protection capabilities and cope with increasingly severe network security situations.展开更多
This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transpo...This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.展开更多
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t...This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].展开更多
Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces m...Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.展开更多
The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a seriou...The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contribu?tions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defi ned security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software deve?lopments, and improves the security extensibility of systems.展开更多
Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethe...Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethernet technology. The IP addresses are more and more important for the smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and network security are faced by data communication systems of the smart distribution grid. The importance of data communications network and its main bearer of business were described. The data communications network from IPv4 to IPv6 evolution of the five processes and four stages of the transition were analyzed. The smart distribution grid data communications network security and types of their offensive and defensive were discussed. And the data communications network security architecture was established. It covers three dimensions, the security level, the communications network security engineering and the communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.展开更多
Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the ne...Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the new environment.This paper stands on this point,suggests a computer forensic service framework which is based on security architecture of cloud computing and requirements needed by cloud computing environment.The framework introduces honey farm technique,and pays more attention on active forensics,which can improve case handling efficiency and reduce the cost.展开更多
Cyber-physical systems are being confronted with an ever-increasing number of security threats from the complicated interactions and fusions between cyberspace and physical space.Integrating security-related activitie...Cyber-physical systems are being confronted with an ever-increasing number of security threats from the complicated interactions and fusions between cyberspace and physical space.Integrating security-related activities into the early phases of the development life cycle is a monolithic and cost-effective solution for the development of security-critical cyber-physical systems.These activities often incorporate security mechanisms from different realms.We present a fine-grained design flow paradigm for security-critical and software-intensive cyber-physical systems.We provide a comprehensive survey on the domain-specific architectures,countermeasure techniques and security standards involved in the development life cycle of security-critical cyber-physical systems,and adapt these elements to the newly designed flow paradigm.Finally,we provide prospectives and future directions for improving the usability and security level of this design flow paradigm.展开更多
With the rapid development of information technologies,industrial Internet has become more open,and security issues have become more challenging.The endogenous security mechanism can achieve the autonomous immune mech...With the rapid development of information technologies,industrial Internet has become more open,and security issues have become more challenging.The endogenous security mechanism can achieve the autonomous immune mechanism without prior knowledge.However,endogenous security lacks a scientific and formal definition in industrial Internet.Therefore,firstly we give a formal definition of endogenous security in industrial Internet and propose a new industrial Internet endogenous security architecture with cost analysis.Secondly,the endogenous security innovation mechanism is clearly defined.Thirdly,an improved clone selection algorithm based on federated learning is proposed.Then,we analyze the threat model of the industrial Internet identity authentication scenario,and propose cross-domain authentication mechanism based on endogenous key and zero-knowledge proof.We conduct identity authentication experiments based on two types of blockchains and compare their experimental results.Based on the experimental analysis,Ethereum alliance blockchain can be used to provide the identity resolution services on the industrial Internet.Internet of Things Application(IOTA)public blockchain can be used for data aggregation analysis of Internet of Things(IoT)edge nodes.Finally,we propose three core challenges and solutions of endogenous security in industrial Internet and give future development directions.展开更多
High-confidence computing relies on trusted instructional set architecture,sealed kernels,and secure operating systems.Cloud computing depends on trusted systems for virtualization tasks.Branch predictions and pipelin...High-confidence computing relies on trusted instructional set architecture,sealed kernels,and secure operating systems.Cloud computing depends on trusted systems for virtualization tasks.Branch predictions and pipelines are essential in improving performance of a CPU/GPU.But Spectre and Meltdown make modern processors vulnerable to be exploited.Disabling the prediction and pipeline is definitely not a good solution.On the other hand,current software patches can only address non-essential issues around Meltdown.This paper introduces a holistic approach in trusted computer architecture design and emulation.展开更多
During the initial stages of software development,the primary goal is to define precise and detailed requirements without concern for software realizations.Security constraints should be introduced then and must be ba...During the initial stages of software development,the primary goal is to define precise and detailed requirements without concern for software realizations.Security constraints should be introduced then and must be based on the semantic aspects of applications,not on their software architectures,as it is the case in most secure development methodologies.In these stages,we need to identify threats as attacker goals and indicate what conceptual security defenses are needed to thwart these goals,without consideration of implementation details.We can consider the effects of threats on the application assets and try to find ways to stop them.These threats should be controlled with abstract security mechanisms that can be realized by abstract security patterns(ASPs),that include only the core functions of these mechanisms,which must be present in every implementation of them.An abstract security pattern describes a conceptual security mechanism that includes functions able to stop or mitigate a threat or comply with a regulation or institutional policy.We describe here the properties of ASPs and present a detailed example.We relate ASPs to each other and to Security Solution Frames,which describe families of related patterns.We show how to include ASPs to secure an application,as well as how to derive concrete patterns from them.Finally,we discuss their practical value,including their use in“security by design”and IoT systems design.展开更多
With the large scale adoption of Internet of Things(IoT)applications in people’s lives and industrial manufacturing processes,IoT security has become an important problem today.IoT security significantly relies on th...With the large scale adoption of Internet of Things(IoT)applications in people’s lives and industrial manufacturing processes,IoT security has become an important problem today.IoT security significantly relies on the security of the underlying hardware chip,which often contains critical information,such as encryption key.To understand existing IoT chip security,this study analyzes the security of an IoT security chip that has obtained an Arm Platform Security Architecture(PSA)Level 2 certification.Our analysis shows that the chip leaks part of the encryption key and presents a considerable security risk.Specifically,we use commodity equipment to collect electromagnetic traces of the chip.Using a statistical T-test,we find that the target chip has physical leakage during the AES encryption process.We further use correlation analysis to locate the detailed encryption interval in the collected electromagnetic trace for the Advanced Encryption Standard(AES)encryption operation.On the basis of the intermediate value correlation analysis,we recover half of the 16-byte AES encryption key.We repeat the process for three different tests;in all the tests,we obtain the same result,and we recover around 8 bytes of the 16-byte AES encryption key.Therefore,experimental results indicate that despite the Arm PSA Level 2 certification,the target security chip still suffers from physical leakage.Upper layer application developers should impose strong security mechanisms in addition to those of the chip itself to ensure IoT application security.展开更多
Security issues and lnternet of Things (loT) become indispensable part in digital community as loT develops with the pervasive introduction of additional "smart" sensors and devices over the last decades, and it n...Security issues and lnternet of Things (loT) become indispensable part in digital community as loT develops with the pervasive introduction of additional "smart" sensors and devices over the last decades, and it necessitates the implementation of information security principle in digital community system. A three-level criticality model to determine the potential impact is proposed in digital community system when various devices lost in this paper. Combining the actual security requirement of digital community and characteristics of loT, a hierarchical security architecture including defense-in-deep cybersecurity and distribute secure control is proposed. A high-assurance trust model, which assumes insider compromise, which exists in the digital community, is finally proposed according to the security issues analysis.展开更多
The geopolitical construct of the Indo-Pacific has evolved as one of the most important ones of the twenty-first century and more particularly of the last decade.While there is little or no consensus on where the Indo...The geopolitical construct of the Indo-Pacific has evolved as one of the most important ones of the twenty-first century and more particularly of the last decade.While there is little or no consensus on where the Indo-Pacific Region(IPR)begins or ends,it has inadvertently become a space where new convergences,competitions and alignments have emerged.These developments are intrinsically linked with the ascent of China as a global power,the retreat of the American strategic footprint and the emergence of a multi-polar world order.Within the larger Indo-Pacific construct,the Western Indian Ocean region is a space of considerable geopolitical and maritime interactions between states.The United Arab Emirates(UAE)and India are both countries of the Western Indian Ocean region while France is a resident power of the region owing to the presence of two of its overseas departments-Mayotte and Reunion—and its inter services bases in the UAE and Djibouti.The three countries have considerable experience in operationalising bilateral as well as trilateral initiatives.The lack of such initiatives in the Western Indian Ocean region could therefore offer the opportunity for UAE,India and France to come together in a trilateral arrangement to further their strategic interests and uphold the concept of a‘free and open Indo-Pacific’.The paper seeks to explore whether a trilateral partnership between the UAE,India and France could contribute to furthering their respective strategic autonomy in the Indo-Pacific Region.The paper will also endeavour to examine the conflicts and differences that could be expected and the possible areas of convergence.展开更多
文摘With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology,the new cloud manufacturing system(NCMS)built on the connotation of cloud manufacturing 3.0 presents a new business model of“Internet of everything,intelligent leading,data driving,shared services,cross-border integration,and universal innovation”.The network boundaries are becoming increasingly blurred,NCMS is facing security risks such as equipment unauthorized use,account theft,static and extensive access control policies,unauthorized access,supply chain attacks,sensitive data leaks,and industrial control vulnerability attacks.Traditional security architectures mainly use information security technology,which cannot meet the active security protection requirements of NCMS.In order to solve the above problems,this paper proposes an integrated cloud-edge-terminal security system architecture of NCMS.It adopts the zero trust concept and effectively integrates multiple security capabilities such as network,equipment,cloud computing environment,application,identity,and data.It adopts a new access control mode of“continuous verification+dynamic authorization”,classified access control mechanisms such as attribute-based access control,rolebased access control,policy-based access control,and a new data security protection system based on blockchain,achieving“trustworthy subject identity,controllable access behavior,and effective protection of subject and object resources”.This architecture provides an active security protection method for NCMS in the digital transformation of large enterprises,and can effectively enhance network security protection capabilities and cope with increasingly severe network security situations.
文摘This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
文摘This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
基金supported by National Information Security Program under Grant No.2009A112
文摘Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
基金supported in part by the following grants:National Science Foundation of China(Grant No.61272400)Chongqing Innovative Team Fund for College Development Project(Grant No.KJTD201310)+3 种基金Chongqing Youth Innovative Talent Project(Grant No.cstc2013kjrc-qnrc40004)Science and Technology Research Program of the Chongqing Municipal Education Committee(Grant No.KJ1500425)Foundation of CQUPT(Grant No.WF201403)Chongqing Graduate Research and Innovation Project(Grant No.CYS14146)
文摘The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contribu?tions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defi ned security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software deve?lopments, and improves the security extensibility of systems.
文摘Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethernet technology. The IP addresses are more and more important for the smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and network security are faced by data communication systems of the smart distribution grid. The importance of data communications network and its main bearer of business were described. The data communications network from IPv4 to IPv6 evolution of the five processes and four stages of the transition were analyzed. The smart distribution grid data communications network security and types of their offensive and defensive were discussed. And the data communications network security architecture was established. It covers three dimensions, the security level, the communications network security engineering and the communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.
基金Sponsored by the National Social Science Found of China(Grant No.13CFX054)the Project of Humanities and Social Science of Chinese Ministry of Education(Grant No.11YJCZH175)
文摘Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the new environment.This paper stands on this point,suggests a computer forensic service framework which is based on security architecture of cloud computing and requirements needed by cloud computing environment.The framework introduces honey farm technique,and pays more attention on active forensics,which can improve case handling efficiency and reduce the cost.
基金This work is supported by the National Natural Science Foundation of China(Nos.61303033,61303221)the National High Technology Research and Development Program of China(863 Program)(No.2015AA017203)+2 种基金the Natural Science Basis Research Plan in Shaanxi Province of China(No.2016JM6034)China 111 Project(No.B16037)the Special Research Foundation of MIIT(No.MJ-2014-S-37).
文摘Cyber-physical systems are being confronted with an ever-increasing number of security threats from the complicated interactions and fusions between cyberspace and physical space.Integrating security-related activities into the early phases of the development life cycle is a monolithic and cost-effective solution for the development of security-critical cyber-physical systems.These activities often incorporate security mechanisms from different realms.We present a fine-grained design flow paradigm for security-critical and software-intensive cyber-physical systems.We provide a comprehensive survey on the domain-specific architectures,countermeasure techniques and security standards involved in the development life cycle of security-critical cyber-physical systems,and adapt these elements to the newly designed flow paradigm.Finally,we provide prospectives and future directions for improving the usability and security level of this design flow paradigm.
基金supported by the National Key Research and Development Program of China(No.2018YFB0803403)Fundamental Research Funds for the Central Universities(Nos.FRF-AT-19-009Z and FRF-AT-20-11)from the Ministry of Education of China.
文摘With the rapid development of information technologies,industrial Internet has become more open,and security issues have become more challenging.The endogenous security mechanism can achieve the autonomous immune mechanism without prior knowledge.However,endogenous security lacks a scientific and formal definition in industrial Internet.Therefore,firstly we give a formal definition of endogenous security in industrial Internet and propose a new industrial Internet endogenous security architecture with cost analysis.Secondly,the endogenous security innovation mechanism is clearly defined.Thirdly,an improved clone selection algorithm based on federated learning is proposed.Then,we analyze the threat model of the industrial Internet identity authentication scenario,and propose cross-domain authentication mechanism based on endogenous key and zero-knowledge proof.We conduct identity authentication experiments based on two types of blockchains and compare their experimental results.Based on the experimental analysis,Ethereum alliance blockchain can be used to provide the identity resolution services on the industrial Internet.Internet of Things Application(IOTA)public blockchain can be used for data aggregation analysis of Internet of Things(IoT)edge nodes.Finally,we propose three core challenges and solutions of endogenous security in industrial Internet and give future development directions.
文摘High-confidence computing relies on trusted instructional set architecture,sealed kernels,and secure operating systems.Cloud computing depends on trusted systems for virtualization tasks.Branch predictions and pipelines are essential in improving performance of a CPU/GPU.But Spectre and Meltdown make modern processors vulnerable to be exploited.Disabling the prediction and pipeline is definitely not a good solution.On the other hand,current software patches can only address non-essential issues around Meltdown.This paper introduces a holistic approach in trusted computer architecture design and emulation.
基金This work received no external funding,but the National Institute of Informatics of Japan funded the trip of the first and fourth authors to Tokyo to participate in meetings where the idea of this paper was developed.
文摘During the initial stages of software development,the primary goal is to define precise and detailed requirements without concern for software realizations.Security constraints should be introduced then and must be based on the semantic aspects of applications,not on their software architectures,as it is the case in most secure development methodologies.In these stages,we need to identify threats as attacker goals and indicate what conceptual security defenses are needed to thwart these goals,without consideration of implementation details.We can consider the effects of threats on the application assets and try to find ways to stop them.These threats should be controlled with abstract security mechanisms that can be realized by abstract security patterns(ASPs),that include only the core functions of these mechanisms,which must be present in every implementation of them.An abstract security pattern describes a conceptual security mechanism that includes functions able to stop or mitigate a threat or comply with a regulation or institutional policy.We describe here the properties of ASPs and present a detailed example.We relate ASPs to each other and to Security Solution Frames,which describe families of related patterns.We show how to include ASPs to secure an application,as well as how to derive concrete patterns from them.Finally,we discuss their practical value,including their use in“security by design”and IoT systems design.
基金This work was partially supported by the National Natural Science Foundation of China(Nos.61872243 and U1713212)Guangdong Basic and Applied Basic Research Foundation(No.2020A1515011489)+1 种基金the Natural Science Foundation of Guangdong Province-Outstanding Youth Program(No.2019B151502018)Shenzhen Science and Technology Innovation Commission(No.R2020A045).
文摘With the large scale adoption of Internet of Things(IoT)applications in people’s lives and industrial manufacturing processes,IoT security has become an important problem today.IoT security significantly relies on the security of the underlying hardware chip,which often contains critical information,such as encryption key.To understand existing IoT chip security,this study analyzes the security of an IoT security chip that has obtained an Arm Platform Security Architecture(PSA)Level 2 certification.Our analysis shows that the chip leaks part of the encryption key and presents a considerable security risk.Specifically,we use commodity equipment to collect electromagnetic traces of the chip.Using a statistical T-test,we find that the target chip has physical leakage during the AES encryption process.We further use correlation analysis to locate the detailed encryption interval in the collected electromagnetic trace for the Advanced Encryption Standard(AES)encryption operation.On the basis of the intermediate value correlation analysis,we recover half of the 16-byte AES encryption key.We repeat the process for three different tests;in all the tests,we obtain the same result,and we recover around 8 bytes of the 16-byte AES encryption key.Therefore,experimental results indicate that despite the Arm PSA Level 2 certification,the target security chip still suffers from physical leakage.Upper layer application developers should impose strong security mechanisms in addition to those of the chip itself to ensure IoT application security.
基金Supported by the National Science Foundation of China of Shanxi(2015011040)
文摘Security issues and lnternet of Things (loT) become indispensable part in digital community as loT develops with the pervasive introduction of additional "smart" sensors and devices over the last decades, and it necessitates the implementation of information security principle in digital community system. A three-level criticality model to determine the potential impact is proposed in digital community system when various devices lost in this paper. Combining the actual security requirement of digital community and characteristics of loT, a hierarchical security architecture including defense-in-deep cybersecurity and distribute secure control is proposed. A high-assurance trust model, which assumes insider compromise, which exists in the digital community, is finally proposed according to the security issues analysis.
文摘The geopolitical construct of the Indo-Pacific has evolved as one of the most important ones of the twenty-first century and more particularly of the last decade.While there is little or no consensus on where the Indo-Pacific Region(IPR)begins or ends,it has inadvertently become a space where new convergences,competitions and alignments have emerged.These developments are intrinsically linked with the ascent of China as a global power,the retreat of the American strategic footprint and the emergence of a multi-polar world order.Within the larger Indo-Pacific construct,the Western Indian Ocean region is a space of considerable geopolitical and maritime interactions between states.The United Arab Emirates(UAE)and India are both countries of the Western Indian Ocean region while France is a resident power of the region owing to the presence of two of its overseas departments-Mayotte and Reunion—and its inter services bases in the UAE and Djibouti.The three countries have considerable experience in operationalising bilateral as well as trilateral initiatives.The lack of such initiatives in the Western Indian Ocean region could therefore offer the opportunity for UAE,India and France to come together in a trilateral arrangement to further their strategic interests and uphold the concept of a‘free and open Indo-Pacific’.The paper seeks to explore whether a trilateral partnership between the UAE,India and France could contribute to furthering their respective strategic autonomy in the Indo-Pacific Region.The paper will also endeavour to examine the conflicts and differences that could be expected and the possible areas of convergence.