The emergence of various technologies such as terahertz communications, Reconfigurable Intelligent Surfaces (RIS), and AI-powered communication services will burden network operators with rising infrastructure costs. Recently, the Open Radio Access Network (O-RAN) has been introduced as a solution for growing financial and operational burdens in Beyond 5G (B5G) and 6G networks. O-RAN promotes openness and intelligence to overcome the limitations of traditional RANs. By disaggregating conventional Base Band Units (BBUs) into O-RAN Distributed Units (O-DU) and O-RAN Centralized Units (O-CU), O-RAN offers greater flexibility for upgrades and network automation. However, this openness introduces new security challenges compared to traditional RANs. Many existing studies overlook these security requirements of the O-RAN networks. To gain deeper insights into the O-RAN system and security, this paper first provides an overview of the general O-RAN architecture and its diverse use cases relevant to B5G and 6G applications. We then delve into specifications of O-RAN security threats and requirements, aiming to mitigate security vulnerabilities effectively. By providing a comprehensive understanding of O-RAN architecture, use cases, and security considerations, this work serves as a valuable resource for future research in O-RAN and its security.
With the popularization of the Internet and the development of technology, cyber threats are increasing day by day. Threats such as malware, hacking, and data breaches have had a serious impact on cybersecurity. The network security environment in the era of big data presents the characteristics of large amounts of data, high diversity, and high real-time requirements. Traditional security defense methods and tools have been unable to cope with the complex and changing network security threats. This paper proposes a machine-learning security defense algorithm based on metadata association features. Emphasize control over unauthorized users through privacy, integrity, and availability. The user model is established and the mapping between the user model and the metadata of the data source is generated. By analyzing the user model and its corresponding mapping relationship, the query of the user model can be decomposed into the query of various heterogeneous data sources, and the integration of heterogeneous data sources based on the metadata association characteristics can be realized. Define and classify customer information, automatically identify and perceive sensitive data, build a behavior audit and analysis platform, analyze user behavior trajectories, and complete the construction of a machine learning customer information security defense system. The experimental results show that when the data volume is 5×10³ bit, the data storage integrity of the proposed method is 92%. The data accuracy is 98%, and the success rate of data intrusion is only 2.6%. It can be concluded that the data storage method in this paper is safe, the data accuracy is always at a high level, and the data disaster recovery performance is good. This method can effectively resist data intrusion and has high air traffic control security. It can not only detect all viruses in user data storage, but also realize integrated virus processing, and further optimize the security defense effect of user big data.
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focuses on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity, which include defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
The concept of landscape architecture with eco-security was proposed, ecological security of landscape architecture in Yunnan was elaborated from 8 aspects, specifically as landform, typical climate, natural vegetation, biodiversity, transplantation of large-size trees, disaster-proof function, greening security, introduction of garden species. Moreover, countermeasures for maintaining the ecological security of landscape architecture in Yunnan Province were further put forward, ① In view of local conditions, inheriting natural views of classical Chinese gardens, respecting all natural elements, ② Raising higher requirements on the planning of garden green space system, ③ Paying more attention to the integrated construction of green spaces in urban and rural areas, maintaining the wholeness of suburban ecosystem, ④ Devoting more in developing seedling industry, culturing more large-size seedlings in original sites, ⑤ Selecting right trees for right sites in constructing urban gardens. Eventually, it was proposed that gardens in Yunnan Province should be developed by combining with its outstanding ecological conditions, among which ecological security should be the focus of attention.
This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.
Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contributions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defined security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software developments, and improves the security extensibility of systems.
As the Internet of Things (IoT) is emerging as an attractive paradigm, a typical IoT architecture that U2IoT (Unit IoT and Ubiquitous IoT) model has been presented for the future IoT. Based on the U2IoT model, this paper proposes a cyber-physical-social based security architecture (IPM) to deal with Information, Physical, and Management security perspectives, and presents how the architectural abstractions support U2IoT model. In particular, 1) an information security model is established to describe the mapping relations among U2IoT, security layer, and security requirement, in which social layer and additional intelligence and compatibility properties are infused into IPM; 2) physical security referring to the external context and inherent infrastructure are inspired by artificial immune algorithms; 3) recommended security strategies are suggested for social management control. The proposed IPM combining the cyber world, physical world and human social provides constructive proposal towards the future IoT security and privacy protection.
Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile it achieves the functions of communicating, supervising and scheduling between data and control plane. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling (ADS) mechanism is devised in scheduler to intensify security of Mcad-SA further. Combined with perception, ADS takes advantage of heterogeneity and redundancy of controllers to enable the control plane operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate the proposed methods indicate better security resilience over traditional architectures as they have lower failure probability when facing attacks.
More and more modern group oriented collaborative applications use the peer-to-peer (P2P) paradigm to be independent of expensive infrastructures as they are, for instance, provided for audio and video conferences by H.323 systems. Decentralized collaborative P2P solutions require appropriate mechanisms to protect group privacy and data integrity. A centralized client/server based video conference system can be well shielded in a standard manner, whilst there are no off-the-shelf approaches to secure a P2P video conference up to now. The paper addresses this issue and presents a flexible security architecture. Using the BRAVIS system [4] as an example it shows how the architecture can be embedded into a P2P video conferencing system.
Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethernet technology. The IP addresses are more and more important for the smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and network security are faced by data communication systems of the smart distribution grid. The importance of data communications network and its main bearer of business were described. The data communications network from IPv4 to IPv6 evolution of the five processes and four stages of the transition were analyzed. The smart distribution grid data communications network security and types of their offensive and defensive were discussed. And the data communications network security architecture was established. It covers three dimensions, the security level, the communications network security engineering and the communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.
As time and space constraints decrease due to the development of wireless communication network technology, the scale and scope of cyber-attacks targeting the Internet of Things (IoT) are increasing. However, it is difficult to apply high-performance security modules to the IoT owing to the limited battery, memory capacity, and data transmission performance depending on the size of the device. Conventional research has mainly reduced power consumption by lightening encryption algorithms. However, it is difficult to defend large-scale information systems and networks against advanced and intelligent attacks because of the problem of deteriorating security performance. In this study, we propose wake-up security (WuS), a low-power security architecture that can utilize high-performance security algorithms in an IoT environment. By introducing a small logic that performs anomaly detection on the IoT platform and executes the security module only when necessary according to the anomaly detection result, WuS improves security and power efficiency while using a relatively high-complexity security module in a low-power environment compared to the conventional method of periodically executing a high-performance security module. In this study, a Python simulator based on the UNSW-NB15 dataset is used to evaluate the power consumption, latency, and security of the proposed method. The evaluation results reveal that the power consumption of the proposed WuS mechanism is approximately 51.8% and 27.2% lower than those of conventional high-performance security and lightweight security modules, respectively. Additionally, the latencies are approximately 74.8% and 65.9% lower, respectively. Furthermore, the WuS mechanism achieved a high detection accuracy of approximately 96.5% or greater, proving that the detection efficiency performance improved by approximately 33.5% compared to the conventional model. The performance evaluation results for the proposed model varied depending on the applied anomaly-detection model. Therefore, they can be used in various ways by selecting suitable models based on the performance levels required in each industry.
The Internet of Things (IoT) is a recent technology, which implies the union of objects, “things”, into a single worldwide network. This promising paradigm faces many design challenges associated with the dramatic increase in the number of end-devices. Device identification is one of these challenges that becomes complicated with the increase of network devices. Despite this, there is still no universally accepted method of identifying things that would satisfy all requirements of the existing IoT devices and applications. In this regard, one of the most important problems is choosing an identification system for all IoT devices connected to the public communication networks. Many unique software and hardware solutions are used as a unique global identifier; however, such solutions have many limitations. This article proposes a novel solution, based on the Digital Object Architecture (DOA), that meets the requirements of identifying devices and applications of the IoT. This work analyzes the benefits of using the DOA as an identification platform in modern telecommunication networks. We propose a model of an identification system based on the architecture of digital objects, which differs from the well-known ones. The proposed model ensures an acceptable quality of service (QoS) in the common architecture of the existing public communication networks. A novel interaction architecture is developed by introducing a Middle Handle Register (MHR) between the global register, i.e., Global Handle Register (GHR), and local register, i.e., Local Handle Register (LHR). The aspects of the network interaction and the compatibility of IoT end-devices with the integrated DOA identifiers in heterogeneous communication networks are presented. The developed model is simulated for a wide-area network with allocated registers, and the results are introduced and discussed.
Most recent satellite network research has focused on providing routing services without considering security. In this paper, for the sake of better global coverage, we introduce a novel triple-layered satellite network architecture including Geostationary Earth Orbit (GEO), Highly Elliptical Orbit (HEO), and Low Earth Orbit (LEO) satellite layers, which provides the near-global coverage with 24 hour uninterrupted over the areas varying from 75° S to 90° N. On the basis of the hierarchical architecture, we propose a QoS-guaranteed secure multicast routing protocol (QGSMRP) for satellite IP networks using the logical location concept to isolate the mobility of LEO and HEO satellites. In QGSMRP, we employ the asymmetric cryptography to secure the control messages via the pairwise key pre-distribution, and present a least cost tree (LCT) strategy to construct the multicast tree under the condition that the QoS constraints are guaranteed, aiming to minimize the tree cost. Simulation results show that the performance benefits of the proposed QGSMRP in terms of the end-to-end tree delay, the tree cost, and the failure ratio of multicasting connections by comparison with the conventional shortest path tree (SPT) strategy.
The Internet of Things (IoT) will significantly impact our social and economic lives in the near future. Many Internet of Things (IoT) applications aim to automate multiple tasks so inactive physical objects can behave independently of others. IoT devices, however, are also vulnerable, mostly because they lack the essential built-in security to thwart attackers. It is essential to perform the necessary adjustments in the structure of the IoT systems in order to create an end-to-end secure IoT environment. As a result, the IoT designs that are now in use do not completely support all of the advancements that have been made to include sophisticated features in IoT, such as Cloud computing, machine learning techniques, and lightweight encryption techniques. This paper presents a detailed analysis of the security requirements, attack surfaces, and security solutions available for IoT networks and suggests an innovative IoT architecture. The Seven-Layer Architecture in IoT provides decent attack detection accuracy. According to the level of risk they pose, the security threats in each of these layers have been properly categorized, and the essential evaluation criteria have been developed to evaluate the various threats. Also, Machine Learning algorithms like Random Forest and Support Vector Machines, etc., and Deep Learning algorithms like Artificial Neural Networks, Q Learning models, etc., are implemented to overcome the most damaging threats posing security breaches to the different IoT architecture layers.
This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture (FIA). This paper proposes a secure mobility support mechanism in eXpressive Internet Architecture (XIA), a new FIA currently under development as part of the US National Science Foundation's (NSF) program. Utilizing the natural features of ID/locator decoupling and versatile routing in XIA, a general mechanism to support host mobility is proposed. Exploiting the self-certifying identifier, a secure binding update protocol to overcome the potential threats introduced by the proposed mobility support mechanism is also given. We demonstrate that our design in XIA outperforms IP based solutions in terms of efficiency and flexibility. We also outline our initial design to illustrate one derivative benefit of an evolvable architecture: mobility support customizability with no sacrifice of architectural generality.
Pervasive IoT applications enable us to perceive, analyze, control, and optimize the traditional physical systems. Recently, security breaches in many IoT applications have indicated that IoT applications may put the physical systems at risk. Severe resource constraints and insufficient security design are two major causes of many security problems in IoT applications. As an extension of the cloud, the emerging edge computing with rich resources provides us a new venue to design and deploy novel security solutions for IoT applications. Although there are some research efforts in this area, edge-based security designs for IoT applications are still in their infancy. This paper aims to present a comprehensive survey of existing IoT security solutions at the edge layer as well as to inspire more edge-based IoT security designs. We first present an edge-centric IoT architecture. Then, we extensively review the edge-based IoT security research efforts in the context of security architecture designs, firewalls, intrusion detection systems, authentication and authorization protocols, and privacy-preserving mechanisms. Finally, we propose our insight into future research directions and open research issues.
Funding (O-RAN architecture and security paper): Supported by the Research Program funded by the SeoulTech (Seoul National University of Science and Technology).
Funding (metadata-association machine-learning defense paper): This work was supported by the National Natural Science Foundation of China (U2133208, U20A20161).
Funding: Supported by Key Scientific Research Foundation of Southwest Forestry University (110809)
Abstract: The concept of landscape architecture with eco-security was proposed, ecological security of landscape architecture in Yunnan was elaborated from 8 aspects, specifically as landform, typical climate, natural vegetation, biodiversity, transplantation of large-size trees, disaster-proof function, greening security, introduction of garden species. Moreover, countermeasures for maintaining the ecological security of landscape architecture in Yunnan Province were further put forward: ① In view of local conditions, inheriting natural views of classical Chinese gardens, respecting all natural elements; ② Rising higher requirements on the planning of garden green space system; ③ Paying more attention to the integrated construction of green spaces in urban and rural areas, maintaining the wholeness of suburban ecosystem; ④ Devoting more in developing seedling industry, culturing more large-size seedlings in original sites; ⑤ Selecting right trees for right sites in constructing urban gardens. Eventually, it was proposed that gardens in Yunnan Province should be developed by combining with its outstanding ecological conditions, among which ecological security should be the focus of attention.
Abstract: This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.
Funding: supported by National Information Security Program under Grant No. 2009A112
Abstract: Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
Funding: supported in part by the following grants: National Science Foundation of China (Grant No. 61272400), Chongqing Innovative Team Fund for College Development Project (Grant No. KJTD201310), Chongqing Youth Innovative Talent Project (Grant No. cstc2013kjrc-qnrc40004), Science and Technology Research Program of the Chongqing Municipal Education Committee (Grant No. KJ1500425), Foundation of CQUPT (Grant No. WF201403), Chongqing Graduate Research and Innovation Project (Grant No. CYS14146)
Abstract: The fact that the security facilities within a system are closely coupled and the security facilities between systems are unconnected results in an isolated protection structure for systems, and gives rise to a serious challenge to system security integrations and system controls. Also, the need for diversified services and flexible extensions of network security asks for more considerations and contributions from the perspective of software engineering in the process of designing and constructing security systems. Based on the essence of the virtualization technique and the idea of software-defined networks, we in this paper propose a novel software-defined security architecture for systems. By abstracting the traditional security facilities and techniques, the proposed security architecture provides a new, simple, effective, and programmable framework in which security operations and security controls can be decoupled, and thereby reduces the software module sizes, decreases the intensity of software developments, and improves the security extensibility of systems.
Abstract: As the Internet of Things (IoT) is emerging as an attractive paradigm, a typical IoT architecture that U2IoT (Unit IoT and Ubiquitous IoT) model has been presented for the future IoT. Based on the U2IoT model, this paper proposes a cyber-physical-social based security architecture (IPM) to deal with Information, Physical, and Management security perspectives, and presents how the architectural abstractions support U2IoT model. In particular, 1) an information security model is established to describe the mapping relations among U2IoT, security layer, and security requirement, in which social layer and additional intelligence and compatibility properties are infused into IPM; 2) physical security referring to the external context and inherent infrastructure are inspired by artificial immune algorithms; 3) recommended security strategies are suggested for social management control. The proposed IPM combining the cyber world, physical world and human social provides constructive proposal towards the future IoT security and privacy protection.
Funding: supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003), the National Key R&D Program of China (No. 2016YFB0800100, No. 2016YFB0800101), and the National Natural Science Foundation of China (No. 61602509)
Abstract: Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile it achieves the functions of communicating, supervising and scheduling between data and control plane. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling (ADS) mechanism is devised in scheduler to intensify security of Mcad-SA further. Combined with perception, ADS takes advantage of heterogeneity and redundancy of controllers to enable the control plane operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate the proposed methods indicate better security resilience over traditional architectures as they have lower failure probability when facing attacks.
Abstract: More and more modern group oriented collaborative applications use the peer-to-peer (P2P) paradigm to be independent of expensive infrastructures as they are, for instance, provided for audio and video conferences by H.323 systems. Decentralized collaborative P2P solutions require appropriate mechanisms to protect group privacy and data integrity. A centralized client/server based video conference system can be well shielded in a standard manner, whilst there are no off-the-shelf approaches to secure a P2P video conference up to now. The paper addresses this issue and presents a flexible security architecture. Using the BRAVIS system [4] as an example it shows how the architecture can be embedded into a P2P video conferencing system.
Abstract: Smart distribution grid needs data communication systems as a support to complete their important functions. The smart distribution grid of the data and information are increasingly adopting internet protocol and Ethernet technology. The IP addresses are more and more important for the smart distribution grid equipment. The current IPv4 protocol occupies a dominant position; therefore, the challenges of the evolution to IPv6 and network security are faced by data communication systems of the smart distribution grid. The importance of data communications network and its main bearer of business were described. The data communications network from IPv4 to IPv6 evolution of the five processes and four stages of the transition were analyzed. The smart distribution grid data communications network security and types of their offensive and defensive were discussed. And the data communications network security architecture was established. It covers three dimensions, the security level, the communications network security engineering and the communications network security management. The security architecture safeguards the evolution to IPv6 for the smart distribution grid data communication systems.
Funding: supplemented by a paper presented at the 6th International Symposium on Mobile Internet Security (MobiSec 2022).
Abstract: As time and space constraints decrease due to the development of wireless communication network technology, the scale and scope of cyber-attacks targeting the Internet of Things (IoT) are increasing. However, it is difficult to apply high-performance security modules to the IoT owing to the limited battery, memory capacity, and data transmission performance depending on the size of the device. Conventional research has mainly reduced power consumption by lightening encryption algorithms. However, it is difficult to defend large-scale information systems and networks against advanced and intelligent attacks because of the problem of deteriorating security performance. In this study, we propose wake-up security (WuS), a low-power security architecture that can utilize high-performance security algorithms in an IoT environment. By introducing a small logic that performs anomaly detection on the IoT platform and executes the security module only when necessary according to the anomaly detection result, WuS improves security and power efficiency while using a relatively high-complexity security module in a low-power environment compared to the conventional method of periodically executing a high-performance security module. In this study, a Python simulator based on the UNSW-NB15 dataset is used to evaluate the power consumption, latency, and security of the proposed method. The evaluation results reveal that the power consumption of the proposed WuS mechanism is approximately 51.8% and 27.2% lower than those of conventional high-performance security and lightweight security modules, respectively. Additionally, the latencies are approximately 74.8% and 65.9% lower, respectively. Furthermore, the WuS mechanism achieved a high detection accuracy of approximately 96.5% or greater, proving that the detection efficiency performance improved by approximately 33.5% compared to the conventional model. The performance evaluation results for the proposed model varied depending on the applied anomaly-detection model. Therefore, they can be used in various ways by selecting suitable models based on the performance levels required in each industry.
Abstract: The Internet of Things (IoT) is a recent technology, which implies the union of objects, “things”, into a single worldwide network. This promising paradigm faces many design challenges associated with the dramatic increase in the number of end-devices. Device identification is one of these challenges that becomes complicated with the increase of network devices. Despite this, there is still no universally accepted method of identifying things that would satisfy all requirements of the existing IoT devices and applications. In this regard, one of the most important problems is choosing an identification system for all IoT devices connected to the public communication networks. Many unique software and hardware solutions are used as a unique global identifier; however, such solutions have many limitations. This article proposes a novel solution, based on the Digital Object Architecture (DOA), that meets the requirements of identifying devices and applications of the IoT. This work analyzes the benefits of using the DOA as an identification platform in modern telecommunication networks. We propose a model of an identification system based on the architecture of digital objects, which differs from the well-known ones. The proposed model ensures an acceptable quality of service (QoS) in the common architecture of the existing public communication networks. A novel interaction architecture is developed by introducing a Middle Handle Register (MHR) between the global register, i.e., Global Handle Register (GHR), and local register, i.e., Local Handle Register (LHR). The aspects of the network interaction and the compatibility of IoT end-devices with the integrated DOA identifiers in heterogeneous communication networks are presented. The developed model is simulated for a wide-area network with allocated registers, and the results are introduced and discussed.
Abstract: Most recent satellite network research has focused on providing routing services without considering security. In this paper, for the sake of better global coverage, we introduce a novel triple-layered satellite network architecture including Geostationary Earth Orbit (GEO), Highly Elliptical Orbit (HEO), and Low Earth Orbit (LEO) satellite layers, which provides the near-global coverage with 24 hour uninterrupted over the areas varying from 75° S to 90° N. On the basis of the hierarchical architecture, we propose a QoS-guaranteed secure multicast routing protocol (QGSMRP) for satellite IP networks using the logical location concept to isolate the mobility of LEO and HEO satellites. In QGSMRP, we employ the asymmetric cryptography to secure the control messages via the pairwise key pre-distribution, and present a least cost tree (LCT) strategy to construct the multicast tree under the condition that the QoS constraints are guaranteed, aiming to minimize the tree cost. Simulation results show that the performance benefits of the proposed QGSMRP in terms of the end-to-end tree delay, the tree cost, and the failure ratio of multicasting connections by comparison with the conventional shortest path tree (SPT) strategy.
Abstract: The Internet of Things (IoT) will significantly impact our social and economic lives in the near future. Many Internet of Things (IoT) applications aim to automate multiple tasks so inactive physical objects can behave independently of others. IoT devices, however, are also vulnerable, mostly because they lack the essential built-in security to thwart attackers. It is essential to perform the necessary adjustments in the structure of the IoT systems in order to create an end-to-end secure IoT environment. As a result, the IoT designs that are now in use do not completely support all of the advancements that have been made to include sophisticated features in IoT, such as Cloud computing, machine learning techniques, and lightweight encryption techniques. This paper presents a detailed analysis of the security requirements, attack surfaces, and security solutions available for IoT networks and suggests an innovative IoT architecture. The Seven-Layer Architecture in IoT provides decent attack detection accuracy. According to the level of risk they pose, the security threats in each of these layers have been properly categorized, and the essential evaluation criteria have been developed to evaluate the various threats. Also, Machine Learning algorithms like Random Forest and Support Vector Machines, etc., and Deep Learning algorithms like Artificial Neural Networks, Q Learning models, etc., are implemented to overcome the most damaging threats posing security breaches to the different IoT architecture layers.
Abstract: This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
Funding: supported by NSFC (No. 61672060) and National High Technology Research and Development Program of China (863 Program, No. 2015AA015701)
Abstract: Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture (FIA). This paper proposes a secure mobility support mechanism in eXpressive Internet Architecture (XIA), a new FIA currently under development as part of the US National Science Foundation's (NSF) program. Utilizing the natural features of ID/locator decoupling and versatile routing in XIA, a general mechanism to support host mobility is proposed. Exploiting the self-certifying identifier, a secure binding update protocol to overcome the potential threats introduced by the proposed mobility support mechanism is also given. We demonstrate that our design in XIA outperforms IP based solutions in terms of efficiency and flexibility. We also outline our initial design to illustrate one derivative benefit of an evolvable architecture: mobility support customizability with no sacrifice of architectural generality.
Funding: This research has been supported by the National Science Foundation (under grant #1723596) and the National Security Agency (under grant #H98230-17-1-0355).
Abstract: Pervasive IoT applications enable us to perceive, analyze, control, and optimize the traditional physical systems. Recently, security breaches in many IoT applications have indicated that IoT applications may put the physical systems at risk. Severe resource constraints and insufficient security design are two major causes of many security problems in IoT applications. As an extension of the cloud, the emerging edge computing with rich resources provides us a new venue to design and deploy novel security solutions for IoT applications. Although there are some research efforts in this area, edge-based security designs for IoT applications are still in their infancy. This paper aims to present a comprehensive survey of existing IoT security solutions at the edge layer as well as to inspire more edge-based IoT security designs. We first present an edge-centric IoT architecture. Then, we extensively review the edge-based IoT security research efforts in the context of security architecture designs, firewalls, intrusion detection systems, authentication and authorization protocols, and privacy-preserving mechanisms. Finally, we propose our insight into future research directions and open research issues.