基于标识密码的双向认证的安全启动协议

传统安全启动方案的认证环节是基于PKI体制实现,在设备数量剧增的情况下,证书的管理会增加系统复杂性,认证过程仅实现了单向认证,安全性不足;此外,由于选择了链式信任链,导致了在启动过程中的信任传递损失较大;针对上述问题,文章提出了一种基于IBC的Secure boot方案,即IBCEB方案;该方案使用了IBC体制的国家标准SM9算法作为实现方法,实现了无证书的双向认证协议,并对信任链模型进行了优化,降低了信任传递的损失;在ZC706评估板上进行了测试,测试结果表明,设备在双向认证后成功启动,提高了系统的安全性。

Repositioning fertilizer manufacturing subsidies for improving food security and reducing greenhouse gas emissions in China

China removed fertilizer manufacturing subsidies from 2015 to 2018 to bolster market-oriented reforms and foster environmentally sustainable practices.However,the impact of this policy reform on food security and the environment remains inadequately evaluated.Moreover,although green and low-carbon technologies offer environmental advantages,their widespread adoption is hindered by prohibitively high costs.This study analyzes the impact of removing fertilizer manufacturing subsidies and explores the potential feasibility of redirecting fertilizer manufacturing subsidies to invest in the diffusion of these technologies.Utilizing the China Agricultural University Agri-food Systems model,we analyzed the potential for achieving mutually beneficial outcomes regarding food security and environmental sustainability.The findings indicate that removing fertilizer manufacturing subsidies has reduced greenhouse gas(GHG)emissions from agricultural activities by 3.88 million metric tons,with minimal impact on food production.Redirecting fertilizer manufacturing subsidies to invest in green and low-carbon technologies,including slow and controlled-release fertilizer,organic-inorganic compound fertilizers,and machine deep placement of fertilizer,emerges as a strategy to concurrently curtail GHG emissions,ensure food security,and secure robust economic returns.Finally,we propose a comprehensive set of government interventions,including subsidies,field guidance,and improved extension systems,to promote the widespread adoption of these technologies.

An Investigation on Open-RAN Specifications:Use Cases,Security Threats,Requirements,Discussions

The emergence of various technologies such as terahertz communications,Reconfigurable Intelligent Surfaces(RIS),and AI-powered communication services will burden network operators with rising infrastructure costs.Recently,the Open Radio Access Network(O-RAN)has been introduced as a solution for growing financial and operational burdens in Beyond 5G(B5G)and 6G networks.O-RAN promotes openness and intelligence to overcome the limitations of traditional RANs.By disaggregating conventional Base Band Units(BBUs)into O-RAN Distributed Units(O-DU)and O-RAN Centralized Units(O-CU),O-RAN offers greater flexibility for upgrades and network automation.However,this openness introduces new security challenges compared to traditional RANs.Many existing studies overlook these security requirements of the O-RAN networks.To gain deeper insights into the O-RAN system and security,this paper first provides an overview of the general O-RAN architecture and its diverse use cases relevant to B5G and 6G applications.We then delve into specifications of O-RAN security threats and requirements,aiming to mitigate security vulnerabilities effectively.By providing a comprehensive understanding of O-RAN architecture,use cases,and security considerations,thisworkserves as a valuable resource for future research in O-RAN and its security.

太空安全的概念、源起与规则研析

太空安全日益受到国际社会的关注,但“安全”一词,在不同语言背景下含义并不相同。汉语语境下的“安全”对应了英语语境下safety和security两个词汇。前者对应的是免受危险和风险,后者对应的是免受人为的威胁。联合国文件中并未使用space safety这一表述,仅有少量联合国文件在特定情况下援引或提及space security,这在某种程度上暗示其与防止外空军备竞赛有一定联系。space safety这一用语的出现,表明部分西方国家开始将其安全诉求包装、隐藏于普遍性的太空安全问题中,将自身安全关切国际化,试图通过相关领域的讨论推进有利于自己的国际规则,从而冲击、淡化乃至取代防止外空军备竞赛的谈判。在推进太空安全国际规则方面,中俄与美西方一直存在尖锐对立。太空安全国际规则目前散见于联合国有关外空条约和一些国际软法中。近些年来,通过联大决议并利用联合国平台来推进太空安全规则已经成为一种潮流,但这些行为既有成功也有失败。中国已就太空安全立场做了清晰的阐释。为避免误导与混淆,对太空安全一词,应考虑其使用场合,并做适当变通处理。

Enhancing Cybersecurity Competency in the Kingdom of Saudi Arabia:A Fuzzy Decision-Making Approach

The Kingdom of Saudi Arabia(KSA)has achieved significant milestones in cybersecurity.KSA has maintained solid regulatorymechanisms to prevent,trace,and punish offenders to protect the interests of both individual users and organizations from the online threats of data poaching and pilferage.The widespread usage of Information Technology(IT)and IT Enable Services(ITES)reinforces securitymeasures.The constantly evolving cyber threats are a topic that is generating a lot of discussion.In this league,the present article enlists a broad perspective on how cybercrime is developing in KSA at present and also takes a look at some of the most significant attacks that have taken place in the region.The existing legislative framework and measures in the KSA are geared toward deterring criminal activity online.Different competency models have been devised to address the necessary cybercrime competencies in this context.The research specialists in this domain can benefit more by developing a master competency level for achieving optimum security.To address this research query,the present assessment uses the Fuzzy Decision-Making Trial and Evaluation Laboratory(Fuzzy-DMTAEL),Fuzzy Analytic Hierarchy Process(F.AHP),and Fuzzy TOPSIS methodology to achieve segment-wise competency development in cyber security policy.The similarities and differences between the three methods are also discussed.This cybersecurity analysis determined that the National Cyber Security Centre got the highest priority.The study concludes by perusing the challenges that still need to be examined and resolved in effectuating more credible and efficacious online security mechanisms to offer amoreempowered ITES-driven economy for SaudiArabia.Moreover,cybersecurity specialists and policymakers need to collate their efforts to protect the country’s digital assets in the era of overt and covert cyber warfare.

Correlation Composition Awareness Model with Pair Collaborative Localization for IoT Authentication and Localization

Secure authentication and accurate localization among Internet of Things(IoT)sensors are pivotal for the functionality and integrity of IoT networks.IoT authentication and localization are intricate and symbiotic,impacting both the security and operational functionality of IoT systems.Hence,accurate localization and lightweight authentication on resource-constrained IoT devices pose several challenges.To overcome these challenges,recent approaches have used encryption techniques with well-known key infrastructures.However,these methods are inefficient due to the increasing number of data breaches in their localization approaches.This proposed research efficiently integrates authentication and localization processes in such a way that they complement each other without compromising on security or accuracy.The proposed framework aims to detect active attacks within IoT networks,precisely localize malicious IoT devices participating in these attacks,and establish dynamic implicit authentication mechanisms.This integrated framework proposes a Correlation Composition Awareness(CCA)model,which explores innovative approaches to device correlations,enhancing the accuracy of attack detection and localization.Additionally,this framework introduces the Pair Collaborative Localization(PCL)technique,facilitating precise identification of the exact locations of malicious IoT devices.To address device authentication,a Behavior and Performance Measurement(BPM)scheme is developed,ensuring that only trusted devices gain access to the network.This work has been evaluated across various environments and compared against existing models.The results prove that the proposed methodology attains 96%attack detection accuracy,84%localization accuracy,and 98%device authentication accuracy.

Towards Blockchain-Based Secure BGP Routing,Challenges and Future Research Directions

Border Gateway Protocol(BGP)is a standard inter-domain routing protocol for the Internet that conveys network layer reachability information and establishes routes to different destinations.The BGP protocol exhibits security design defects,such as an unconditional trust mechanism and the default acceptance of BGP route announcements from peers by BGP neighboring nodes,easily triggering prefix hijacking,path forgery,route leakage,and other BGP security threats.Meanwhile,the traditional BGP security mechanism,relying on a public key infrastructure,faces issues like a single point of failure and a single point of trust.The decentralization,anti-tampering,and traceability advantages of blockchain offer new solution ideas for constructing secure and trusted inter-domain routing mechanisms.In this paper,we summarize the characteristics of BGP protocol in detail,sort out the BGP security threats and their causes.Additionally,we analyze the shortcomings of the traditional BGP security mechanism and comprehensively evaluate existing blockchain-based solutions to address the above problems and validate the reliability and effectiveness of blockchain-based BGP security methods in mitigating BGP security threats.Finally,we discuss the challenges posed by BGP security problems and outline prospects for future research.

Intelligent Dynamic Heterogeneous Redundancy Architecture for IoT Systems

The conventional dynamic heterogeneous redundancy(DHR)architecture suffers from the security threats caused by the stability differences and similar vulnerabilities among the executors.To overcome these challenges,we propose an intelligent DHR architecture,which is more feasible by intelligently combining the random distribution based dynamic scheduling algorithm(RD-DS)and information weight and heterogeneity based arbitrament(IWHA)algorithm.In the proposed architecture,the random distribution function and information weight are employed to achieve the optimal selection of executors in the process of RD-DS,which avoids the case that some executors fail to be selected due to their stability difference in the conventional DHR architecture.Then,through introducing the heterogeneity to restrict the information weights in the procedure of the IWHA,the proposed architecture solves the common mode escape issue caused by the existence of multiple identical error output results of similar vulnerabilities.The experimental results characterize that the proposed architecture outperforms in heterogeneity,scheduling times,security,and stability over the conventional DHR architecture under the same conditions.

A Survey on Sensor-and Communication-Based Issues of Autonomous UAVs

The application field for Unmanned Aerial Vehicle (UAV) technology and its adoption rate have been increasingsteadily in the past years. Decreasing cost of commercial drones has enabled their use at a scale broader thanever before. However, increasing the complexity of UAVs and decreasing the cost, both contribute to a lack ofimplemented securitymeasures and raise new security and safety concerns. For instance, the issue of implausible ortampered UAV sensor measurements is barely addressed in the current research literature and thus, requires moreattention from the research community. The goal of this survey is to extensively review state-of-the-art literatureregarding common sensor- and communication-based vulnerabilities, existing threats, and active or passive cyberattacksagainst UAVs, as well as shed light on the research gaps in the literature. In this work, we describe theUnmanned Aerial System (UAS) architecture to point out the origination sources for security and safety issues.Weevaluate the coverage and completeness of each related research work in a comprehensive comparison table as wellas classify the threats, vulnerabilities and cyber-attacks into sensor-based and communication-based categories.Additionally, for each individual cyber-attack, we describe existing countermeasures or detectionmechanisms andprovide a list of requirements to ensureUAV’s security and safety.We also address the problem of implausible sensormeasurements and introduce the idea of a plausibility check for sensor data. By doing so, we discover additionalmeasures to improve security and safety and report on a research niche that is not well represented in the currentresearch literature.

A Comprehensive Survey for Privacy-Preserving Biometrics: Recent Approaches, Challenges, and Future Directions

The rapid growth of smart technologies and services has intensified the challenges surrounding identity authenti-cation techniques.Biometric credentials are increasingly being used for verification due to their advantages over traditional methods,making it crucial to safeguard the privacy of people’s biometric data in various scenarios.This paper offers an in-depth exploration for privacy-preserving techniques and potential threats to biometric systems.It proposes a noble and thorough taxonomy survey for privacy-preserving techniques,as well as a systematic framework for categorizing the field’s existing literature.We review the state-of-the-art methods and address their advantages and limitations in the context of various biometric modalities,such as face,fingerprint,and eye detection.The survey encompasses various categories of privacy-preserving mechanisms and examines the trade-offs between security,privacy,and recognition performance,as well as the issues and future research directions.It aims to provide researchers,professionals,and decision-makers with a thorough understanding of the existing privacy-preserving solutions in biometric recognition systems and serves as the foundation of the development of more secure and privacy-preserving biometric technologies.

Physical-Layer Secret Key Generation for Dual-Task Scenarios

Physical-layer secret key generation(PSKG)provides a lightweight way for group key(GK)sharing between wireless users in large-scale wireless networks.However,most of the existing works in this field consider only group communication.For a commonly dual-task scenario,where both GK and pairwise key(PK)are required,traditional methods are less suitable for direct extension.For the first time,we discover a security issue with traditional methods in dual-task scenarios,which has not previously been recognized.We propose an innovative segment-based key generation method to solve this security issue.We do not directly use PK exclusively to negotiate the GK as traditional methods.Instead,we generate GK and PK separately through segmentation which is the first solution to meet dual-task.We also perform security and rate analysis.It is demonstrated that our method is effective in solving this security issue from an information-theoretic perspective.The rate results of simulation are also consistent with the our rate derivation.

A Practical Regular LDPC Coded Scheme for Physical-Layer Information Security

In this paper,we aim to design a practical low complexity low-density parity-check(LDPC)coded scheme to build a secure open channel and protect information from eavesdropping.To this end,we first propose a punctured LDPC coded scheme,where the information bits in a codeword are punctured and only the parity check bits are transmitted to the receiver.We further propose a notion of check node type distribution and derive multi-edge type extrinsic information transfer functions to estimate the security performance,instead of the well-known weak metric bit error rate.We optimize the check node type distribution in terms of the signal-to-noise ratio(SNR)gap and modify the progressive edge growth algorithm to design finite-length codes.Numerical results show that our proposed scheme can achieve a lower computational complexity and a smaller security gap,compared to the existing scrambling and puncturing schemes.

Security and Privacy in Solar Insecticidal Lamps Internet of Things:Requirements and Challenges

Solar insecticidal lamps(SIL) can effectively control pests and reduce the use of pesticides. Combining SIL and Internet of Things(IoT) has formed a new type of agricultural IoT,known as SIL-IoT, which can improve the effectiveness of migratory phototropic pest control. However, since the SIL is connected to the Internet, it is vulnerable to various security issues.These issues can lead to serious consequences, such as tampering with the parameters of SIL, illegally starting and stopping SIL,etc. In this paper, we describe the overall security requirements of SIL-IoT and present an extensive survey of security and privacy solutions for SIL-IoT. We investigate the background and logical architecture of SIL-IoT, discuss SIL-IoT security scenarios, and analyze potential attacks. Starting from the security requirements of SIL-IoT we divide them into six categories, namely privacy, authentication, confidentiality, access control, availability,and integrity. Next, we describe the SIL-IoT privacy and security solutions, as well as the blockchain-based solutions. Based on the current survey, we finally discuss the challenges and future research directions of SIL-IoT.

On Designs of Decentralized Reputation Management for Permissioned Blockchain Networks

In permissioned blockchain networks,the Proof of Authority(PoA)consensus,which uses the election of authorized nodes to validate transactions and blocks,has beenwidely advocated thanks to its high transaction throughput and fault tolerance.However,PoA suffers from the drawback of centralization dominated by a limited number of authorized nodes and the lack of anonymity due to the round-robin block proposal mechanism.As a result,traditional PoA is vulnerable to a single point of failure that compromises the security of the blockchain network.To address these issues,we propose a novel decentralized reputation management mechanism for permissioned blockchain networks to enhance security,promote liveness,and mitigate centralization while retaining the same throughput as traditional PoA.This paper aims to design an off-chain reputation evaluation and an on-chain reputation-aided consensus.First,we evaluate the nodes’reputation in the context of the blockchain networks and make the reputation globally verifiable through smart contracts.Second,building upon traditional PoA,we propose a reputation-aided PoA(rPoA)consensus to enhance securitywithout sacrificing throughput.In particular,rPoA can incentivize nodes to autonomously form committees based on reputation authority,which prevents block generation from being tracked through the randomness of reputation variation.Moreover,we develop a reputation-aided fork-choice rule for rPoA to promote the network’s liveness.Finally,experimental results show that the proposed rPoA achieves higher security performance while retaining transaction throughput compared to traditional PoA.

Soybean maize strip intercropping:A solution for maintaining food security in China

The practice of intercropping leguminous and gramineous crops is used for promoting sustainable agriculture,optimizing resource utilization,enhancing biodiversity,and reducing reliance on petroleum products.However,promoting conventional intercropping strategies in modern agriculture can prove challenging.The innovative technology of soybean maize strip intercropping(SMSI)has been proposed as a solution.This system has produced remarkable results in improving domestic soybean and maize production for both food security and sustainable agriculture.In this article,we provide an overview of SMSI and explain how it differs from traditional intercropping.We also discuss the core principles that foster higher yields and the prospects for its future development.

Systematic Security Guideline Framework through Intelligently Automated Vulnerability Analysis

This research aims to propose a practical framework designed for the automatic analysis of a product’s comprehensive functionality and security vulnerabilities,generating applicable guidelines based on real-world software.The existing analysis of software security vulnerabilities often focuses on specific features or modules.This partial and arbitrary analysis of the security vulnerabilities makes it challenging to comprehend the overall security vulnerabilities of the software.The key novelty lies in overcoming the constraints of partial approaches.The proposed framework utilizes data from various sources to create a comprehensive functionality profile,facilitating the derivation of real-world security guidelines.Security guidelines are dynamically generated by associating functional security vulnerabilities with the latest Common Vulnerabilities and Exposure(CVE)and Common Vulnerability Scoring System(CVSS)scores,resulting in automated guidelines tailored to each product.These guidelines are not only practical but also applicable in real-world software,allowing for prioritized security responses.The proposed framework is applied to virtual private network(VPN)software,wherein a validated Level 2 data flow diagram is generated using the Spoofing,Tampering,Repudiation,Information Disclosure,Denial of Service,and Elevation of privilege(STRIDE)technique with references to various papers and examples from related software.The analysis resulted in the identification of a total of 121 vulnerabilities.The successful implementation and validation demonstrate the framework’s efficacy in generating customized guidelines for entire systems,subsystems,and selected modules.

A Holistic Secure Communication Mechanism Using a Multilayered Cryptographic Protocol to Enhanced Security

In an era characterized by digital pervasiveness and rapidly expanding datasets,ensuring the integrity and reliability of information is paramount.As cyber threats evolve in complexity,traditional cryptographic methods face increasingly sophisticated challenges.This article initiates an exploration into these challenges,focusing on key exchanges(encompassing their variety and subtleties),scalability,and the time metrics associated with various cryptographic processes.We propose a novel cryptographic approach underpinned by theoretical frameworks and practical engineering.Central to this approach is a thorough analysis of the interplay between Confidentiality and Integrity,foundational pillars of information security.Our method employs a phased strategy,beginning with a detailed examination of traditional cryptographic processes,including Elliptic Curve Diffie-Hellman(ECDH)key exchanges.We also delve into encrypt/decrypt paradigms,signature generation modes,and the hashes used for Message Authentication Codes(MACs).Each process is rigorously evaluated for performance and reliability.To gain a comprehensive understanding,a meticulously designed simulation was conducted,revealing the strengths and potential improvement areas of various techniques.Notably,our cryptographic protocol achieved a confidentiality metric of 9.13 in comprehensive simulation runs,marking a significant advancement over existing methods.Furthermore,with integrity metrics at 9.35,the protocol’s resilience is further affirmed.These metrics,derived from stringent testing,underscore the protocol’s efficacy in enhancing data security.

A Survey on the Evolution of Bootkits Attack and Defense Techniques

According to the boot process of modern computer systems,whoever boots first will gain control first.Taking advantage of this feature,a malicious code called bootkit can hijack the control before the OS bootloader and bypass security mechanisms in boot process.That makes bootkits difficult to detect or clean up thoroughly.With the improvement of security mechanisms and the emergence of UEFI,the attack and defense techniques for bootkits have constantly been evolving.We first introduce two boot modes of modern computer systems and present an attack model of bootkits by some sophistical samples.Then we discuss some classic attack techniques used by bootkits from their initial appearance to the present on two axes,including boot mode axis and attack phase axis.Next,we evaluate the race to the bottom of the system and the evolution process between bootkits and security mechanisms.At last,we present the possible future direction for bootkits in the context of continuous improvement of OS and firmware security mechanisms.

Food security amid the COVID-19 pandemic in Central Asia:Evidence from rural Tajikistan

Food security has been long understudied in the context of Central Asia.We present an analysis examining household-level food demand for Tajikistan and assessing the magnitude of its food security changes during the COVID-19 pandemic.Based on an extensive household survey data set from Tajikistan,we estimate the expenditure,income,and price elasticities for nine food categories using the QUAIDS model.Then,we develop a microsimulation model using the estimated elasticities to assess the dual impact of declining remittance income and rising food prices stemming from the pandemic shock.There are significant differences in demand elasticities across food groups,with high elasticities observed for nutritious foods,such as meat,fruit,eggs,and milk,in rural households.Moreover,our findings show that changes in remittance income and food prices significantly negatively affected food security for rural households during the COVID-19 pandemic.These findings have important implications for policymakers concerned about rural livelihoods and food security in remittance-receiving economies during the post-pandemic period.

A Review on the Security of the Ethereum-Based DeFi Ecosystem

Decentralized finance(DeFi)is a general term for a series of financial products and services.It is based on blockchain technology and has attracted people’s attention because of its open,transparent,and intermediary free.Among them,the DeFi ecosystem based on Ethereum-based blockchains attracts the most attention.However,the current decentralized financial system built on the Ethereum architecture has been exposed to many smart contract vulnerabilities during the last few years.Herein,we believe it is time to improve the understanding of the prevailing Ethereum-based DeFi ecosystem security issues.To that end,we investigate the Ethereum-based DeFi security issues:1)inherited from the real-world financial system,which can be solved by macro-control;2)induced by the problems of blockchain architecture,which require a better blockchain platform;3)caused by DeFi invented applications,which should be focused on during the project development.Based on that,we further discuss the current solutions and potential directions ofDeFi security.According to our research,we could provide a comprehensive vision to the research community for the improvement of Ethereum-basedDeFi ecosystem security.