The secured access is studied in this paper for the network of the image remote sensing.Each sensor in this network encounters the information security when uploading information of the images wirelessly from the sens...The secured access is studied in this paper for the network of the image remote sensing.Each sensor in this network encounters the information security when uploading information of the images wirelessly from the sensor to the central collection point.In order to enhance the sensing quality for the remote uploading,the passive reflection surface technique is employed.If one eavesdropper that exists nearby this sensor is keeping on accessing the same networks,he may receive the same image from this sensor.Our goal in this paper is to improve the SNR of legitimate collection unit while cut down the SNR of the eavesdropper as much as possible by adaptively adjust the uploading power from this sensor to enhance the security of the remote sensing images.In order to achieve this goal,the secured energy efficiency performance is theoretically analyzed with respect to the number of the passive reflection elements by calculating the instantaneous performance over the channel fading coefficients.Based on this theoretical result,the secured access is formulated as a mathematical optimization problem by adjusting the sensor uploading power as the unknown variables with the objective of the energy efficiency maximization while satisfying any required maximum data rate of the eavesdropper sensor.Finally,the analytical expression is theoretically derived for the optimum uploading power.Numerical simulations verify the design approach.展开更多
Robust-by-design(RbD)is a design strategy that uses adversary emulation to strengthen the security of an information and communication infrastructure.It relies on two key components:the security twin and the threat ac...Robust-by-design(RbD)is a design strategy that uses adversary emulation to strengthen the security of an information and communication infrastructure.It relies on two key components:the security twin and the threat actor twins.The security twin is a detailed database that outlines the different parts of the infrastructure,how they are connected,and their vulnerabilities.It also highlights the types of attacks each part could enable.On the other hand,the twin of a threat actor describes its potential attack surface,the attacks it can carry out,its strategy,and its ultimate goal,if any.This information comes from threat intelligence.RbD conducts independent simulations of various threat actors against the security twin to identify all possible attack paths they could exploit.Three types of analysis use this information to improve the robustness and resilience of the infrastructure.The first analysis fills in the gaps in threat intelligence by extending in-formation on threat actors and vulnerabilities.The second analysis focuses on selecting countermeasures aimed at eliminating attack paths or at least reducing their chances of success.Possible countermeasures include patching vulnerabilities,adjusting firewall rules,and implementing network segmentation.Information on attack paths guides the choice and configuration of these countermeasures.Once the infrastructure twin is updated to reflect countermeasure deployment,RbD performs further simulations to uncover any new attack paths that could be exploited and to identify additional coun-termeasures.The final analysis seeks to address the risks associated with any remaining unaddressed attack paths.展开更多
Cyber-physical systems (CPSs) are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many crossdi...Cyber-physical systems (CPSs) are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many crossdiscipline fields such as smart energy systems, industrial process control, aerospace and automobile engineering, health-care and assisted living, to just name a few. For many of these systems, secure operations are of key con- cerns. In particular, for some safety-critical applications, security is of paramount importance. Diverse motivations and strong incentives exist everywhere and at any time for launching malicious attacks on the CPSs, for example, economic reasons (e.g., by reducing or even not paying electricity charge) and terrorism the purpose of which is apparent.展开更多
This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transpo...This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.展开更多
Side channel attack may result in user key leakage as scan test techniques are applied for crypto-graphic chips. Many secure scan designs have been proposed to protect the user key. This paper meticulously selects thr...Side channel attack may result in user key leakage as scan test techniques are applied for crypto-graphic chips. Many secure scan designs have been proposed to protect the user key. This paper meticulously selects three current scan test techniques, analyses their advantages and disadvantages and also compares them in security and area overhead. Users can choose one of them according to the requirements and further combination can be implemented to achieve better performance.展开更多
基金supported in part by Jiangsu Province High Level“333”Program (0401206044)National Natural Science Foundation of China (61801243,62072255)+4 种基金Program for Scientific Research Foundation for Talented Scholars of Jinling Institute of Technology (JIT-B-202031)University Incubator Foundation of Jinling Institute of Technology (JIT-FHXM-202110)Open Project of Fujian Provincial Key Lab.of Network Security and Cryptology (NSCL-KF2021-02)Open Foundation of National Railway Intelligence Transportation System Engineering Tech.Research Center (RITS2021KF02)China Postdoctoral Science Foundation (2019M651914)。
文摘The secured access is studied in this paper for the network of the image remote sensing.Each sensor in this network encounters the information security when uploading information of the images wirelessly from the sensor to the central collection point.In order to enhance the sensing quality for the remote uploading,the passive reflection surface technique is employed.If one eavesdropper that exists nearby this sensor is keeping on accessing the same networks,he may receive the same image from this sensor.Our goal in this paper is to improve the SNR of legitimate collection unit while cut down the SNR of the eavesdropper as much as possible by adaptively adjust the uploading power from this sensor to enhance the security of the remote sensing images.In order to achieve this goal,the secured energy efficiency performance is theoretically analyzed with respect to the number of the passive reflection elements by calculating the instantaneous performance over the channel fading coefficients.Based on this theoretical result,the secured access is formulated as a mathematical optimization problem by adjusting the sensor uploading power as the unknown variables with the objective of the energy efficiency maximization while satisfying any required maximum data rate of the eavesdropper sensor.Finally,the analytical expression is theoretically derived for the optimum uploading power.Numerical simulations verify the design approach.
文摘Robust-by-design(RbD)is a design strategy that uses adversary emulation to strengthen the security of an information and communication infrastructure.It relies on two key components:the security twin and the threat actor twins.The security twin is a detailed database that outlines the different parts of the infrastructure,how they are connected,and their vulnerabilities.It also highlights the types of attacks each part could enable.On the other hand,the twin of a threat actor describes its potential attack surface,the attacks it can carry out,its strategy,and its ultimate goal,if any.This information comes from threat intelligence.RbD conducts independent simulations of various threat actors against the security twin to identify all possible attack paths they could exploit.Three types of analysis use this information to improve the robustness and resilience of the infrastructure.The first analysis fills in the gaps in threat intelligence by extending in-formation on threat actors and vulnerabilities.The second analysis focuses on selecting countermeasures aimed at eliminating attack paths or at least reducing their chances of success.Possible countermeasures include patching vulnerabilities,adjusting firewall rules,and implementing network segmentation.Information on attack paths guides the choice and configuration of these countermeasures.Once the infrastructure twin is updated to reflect countermeasure deployment,RbD performs further simulations to uncover any new attack paths that could be exploited and to identify additional coun-termeasures.The final analysis seeks to address the risks associated with any remaining unaddressed attack paths.
文摘Cyber-physical systems (CPSs) are new emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many crossdiscipline fields such as smart energy systems, industrial process control, aerospace and automobile engineering, health-care and assisted living, to just name a few. For many of these systems, secure operations are of key con- cerns. In particular, for some safety-critical applications, security is of paramount importance. Diverse motivations and strong incentives exist everywhere and at any time for launching malicious attacks on the CPSs, for example, economic reasons (e.g., by reducing or even not paying electricity charge) and terrorism the purpose of which is apparent.
文摘This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
文摘Side channel attack may result in user key leakage as scan test techniques are applied for crypto-graphic chips. Many secure scan designs have been proposed to protect the user key. This paper meticulously selects three current scan test techniques, analyses their advantages and disadvantages and also compares them in security and area overhead. Users can choose one of them according to the requirements and further combination can be implemented to achieve better performance.
