Abstract: As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify the cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety classified systems and products, there is also a need for safety risk assessments in addition to the cybersecurity risk assessment to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains like the automotive domain, but more general methods suitable for, e.g., Intelligent Distributed Grids, are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method that combines safety and cybersecurity risk assessments. This paper presents an approach where the SAHARA method has been modified to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied on two use cases of an intelligent distributed grid.
Abstract: The world is gradually entering the fourth industrial revolution. E-Government services are scaling government operations across the globe. However, as promising as an e-Government system would be, it is also susceptible to malicious attacks if not properly secured. In our study, we found that in Saudi Arabia, the e-Government website, Yesser, is vulnerable to external attacks. Obviously, this can lead to a breach of data integrity and privacy. In this paper, a systematic literature review (SLR) was conducted to explore possible ways the Kingdom of Saudi Arabia can take necessary measures to strengthen its e-Government system using blockchain. Blockchain is one of the emerging technologies shaping the world through its applications in finance, elections, healthcare, etc. It secures systems and brings more transparency. A total of 28 papers were selected for this SLR, and 19 of the papers significantly showed that blockchain could enhance the security and privacy of Saudi’s e-Government system. Other papers also concluded that blockchain is effective, albeit with the integration of other technologies like IoT, AI and big data. These papers have been analyzed to sieve out the findings and set the stage for future research into the subject.
Abstract: Technological advances in the construction sector are helping to make smart cities a reality by means of Cyber-Physical Systems (CPS). CPS integrate information and the physical world through the use of Information Communication Technologies (ICT). An increasingly common goal in the built environment is to integrate Building Information Models (BIM) with Internet of Things (IoT) and sensor technologies using CPS. Future advances could see the adoption of digital twins, creating new opportunities for CPS using monitoring, simulation and optimisation technologies. However, researchers often fail to fully consider the security implications. To date, it is not widely possible to assimilate BIM data and cybersecurity concepts and, therefore, security has thus far been overlooked. This paper reviews the empirical literature concerning IoT applications in the built environment and discusses real-world applications of the IoT intended to enhance construction practices, people’s lives and bolster cybersecurity. Specifically, this research addresses two research questions: (a) How suitable are the current IoT and CPS security stacks to address the cybersecurity threats facing digital twins in the context of smart buildings and districts? and (b) What are the current obstacles to tackling cybersecurity threats to the built environment CPS? To answer these questions, this paper reviews the current state-of-the-art research concerning digital twins in the built environment, the IoT, BIM, urban cities and cybersecurity. The results of the findings of this study confirmed the importance of using digital twins in both IoT and BIM. Also, eight reference zones across Europe have gained special recognition for their contributions to the advancement of IoT science. 
Therefore, this paper evaluates the use of digital twins in CPS to arrive at recommendations for expanding BIM specifications to facilitate IoT compliance, bolster cybersecurity and integrate digital twin and city standards in the smart cities of the future.
Abstract: Vehicular Adhoc Networks (VANETs), a subset of Mobile Adhoc Networks (MANETs), refers to a set of smart vehicles used for road safety. These vehicles provide communication services among one another or with the Road Side Unit (RSU). Security is one of the most critical issues related to VANET as the information transmitted is distributed in an open access environment. As each vehicle is not a source of all messages, most of the communication depends on the information received from other vehicles. To protect VANET from malicious action, each vehicle must be able to evaluate, decide and react locally on the information received from other vehicles. Therefore, message verification is more challenging in VANET because of the security and privacy concerns of the participating vehicles. To overcome security threats, we propose a Monitoring Algorithm that detects malicious nodes based on the pre-selected threshold value. The threshold value is compared with the distrust value which is inherently tagged with each vehicle. The proposed Monitoring Algorithm not only detects malicious vehicles, but also isolates the malicious vehicles from the network. The proposed technique is simulated using the Network Simulator2 (NS2) tool. The simulation result illustrated that the proposed Monitoring Algorithm outperforms the existing algorithms in terms of malicious node detection, network delay, packet delivery ratio and throughput, thereby uplifting the overall performance of the network.
Abstract: Business processes are crucial for organizations and help businesses to evaluate and optimize their performance and processes against current and future-state business goals. Outsourcing business processes to the cloud is becoming popular due to a wide variety of benefits and cost savings. However, cloud outsourcing raises enterprise data security concerns, which must be incorporated in Business Process Model and Notation (BPMN). This paper presents SeCloudBPMN, a lightweight extension for BPMN which extends the BPMN to explicitly support the security threats in the cloud as an outsourcing environment. SeCloudBPMN helps business’s security experts to outsource business processes to the cloud considering different threats from inside and outside the cloud. In this way, appropriate security countermeasures could be considered to preserve data security in business processes outsourcing to the cloud.
Abstract: Nowadays, security threats in Voice over IP (VoIP) systems are an essential and latent concern for people in charge of security in a corporate network, because, every day, new Denial-of-Service (DoS) attacks are developed. These affect the business continuity of an organization, regarding confidentiality, availability, and integrity of services, causing frequent losses of both information and money. The purpose of this study is to establish the necessary measures to mitigate DoS threats, which affect the availability of VoIP systems, based on the Session Initiation Protocol (SIP). A Security Model called MS-DoS-SIP is proposed, which is based on two approaches. The first one analyzes the recommendations of international security standards. The second approach takes into account weaknesses and threats. The implementation of this model in a VoIP simulated system allowed to minimize the present vulnerabilities in 92% and increase the availability time of the VoIP service into an organization.
Abstract: Bhutan is becoming increasingly dependent on Information and Communications Technologies (ICTs), especially the Internet for performing the daily activities of governments, businesses, and individuals. Consequently, information systems and networks are becoming more exposed and vulnerable to cybersecurity threats. This paper highlights the findings of the survey study carried out to understand the perceptions of cybersecurity implementation among government organizations in Bhutan. About 280 ICT personnel were surveyed about the effectiveness of cybersecurity implementation in their organizations. A questionnaire based on a 5-point Likert scale was used to assess the perceptions of respondents. The questions were asked on cybersecurity practices such as cybersecurity policies, awareness and training, and risk management. The survey results show that less than 50% of respondents believe that the cybersecurity implementation is effective: cybersecurity policy (40%), risk management (23%), training and awareness (28%), system development life cycle (34%); incident management (26%), and communications and operational management (40%). The findings suggest that many of the cybersecurity practices are inadequately implemented and therefore, there exists a gap in achieving a required cybersecurity posture. This study recommends government organizations to establish a comprehensive cybersecurity program with emphasis on cybersecurity policy, risk management, and awareness and training. In addition, the research study has practical implications to both government and private organizations for implementing and managing cybersecurity.
Abstract: Mobile learning (m-learning) is a novel approach to knowledge acquisition and dissemination and is gaining global attention. Steady progress in wireless technologies and the portability of communication devices continue to broaden the scope and use of mobiles. With the convergence of Web functionality onto mobile platforms and the affordability and availability of mobile technology, m-learning has the potential of being the next prevalent channel of education in both formal and informal settings. There is substantive literature on developed countries but the state in developing countries (DCs) however appears vague. This paper is a synthesis of extant literature on mobile learning in DCs. The research interest is based on the fact that in DCs, mobile communication and internet connectivity are popular. However, its use in education is under explored. There are some reviews on the state, conceptualizations, trends and teacher education, but to the authors’ knowledge, no study has focused on mobile learning adoption and integration issues. This study examines issues and gaps associated with its adoption and integration in DCs higher education institutions. A qualitative build-up of literature was conducted using articles pooled from electronic databases (Google Scholar and ERIC). To enable criteria for inclusion and incorporate diverse study perspectives, search terms used were m-learning, DCs, higher education institutions, challenges, benefits, impact, gaps and issues. The synthesis revealed that though mobile technology has diffused globally, its pedagogical pursuit in DCs remains quite low. The absence of a mobile Web and the difficulty of resource conversion into mobile format due to lack of funding and technical competence is a stumbling block. Again, the lack of established design and implementation rules to guide the development of m-learning platforms in DCs is a hindrance. 
The absence of access restrictions on devices poses security threats to institutional systems. Negative perceptions that devices are taking over faculty roles lead to resistance in some situations. Resistance to change can be a hindrance to the acceptance and success of new systems. Lack of interest for m-learning is also attributed to lower technological literacy levels of the underprivileged masses. Scholarly works on m-learning in DCs is yet to mature. Most technological innovations are handed down from developed countries, and this constantly creates a lag for DCs. Lack of theoretical grounding was also identified which reduces the objectivity of study reports. The socio-cultural terrain of DCs results in societies with different views and needs that have been identified as a hindrance to research. Institutional commitment decisions, adequate funding for the necessary infrastructural development as well as multiple stakeholder participation is important for project success. Evidence suggests that while adoption decisions are readily made, successful integration of the concept for its full benefits to be realized is often neglected. Recommendations to findings were made to provide possible remedies to identified issues.
Abstract: In this paper, we investigate security issues and challenges facing researchers in wireless sensor networks and countermeasures to resolve them. The broadcast nature of wireless communication makes Wireless Sensor Networks prone to various attacks. Due to resources limitation constraint in terms of limited energy, computation power and memory, security in wireless sensor networks creates different challenges than wired network security. We will discuss several attempts at addressing the issues of security in wireless sensor networks in an attempt to encourage more research into this area.
Abstract: In recent years, there has been a fundamental revolution in mobile phone technology, from just being able to provide voice and short message services to becoming the most essential part of our lives by connecting to networks and various app stores for downloading software apps for almost every activity related to our life, from finding locations to banking, from getting news updates to downloading HD videos, and so on. This progress in the smart phone industry has modernized and transformed our way of living into a trouble-free world. The smart phone has become our personal computer with the addition of significant features such as multi-core processors, multi-tasking, large storage space, Bluetooth, WiFi, large screens and cameras. With this evolution, the rise in security threats has also been amplified. In the literature, different threats related to smart phones have been highlighted and various precautions and solutions have been proposed to keep the smart phone, which carries all the private data of a user, safe. In this paper, a survey has been carried out to find out the most secure and the most unsecure smart phone operating system among the most popular smart phones in use today.
Abstract: Wireless networks are built upon the open shared medium, which makes it easy for attackers to conduct malicious activities. Jamming is one of the most serious security threats to the information economy and it must be dealt with efficiently. A jammer prevents legitimate data from reaching the receiver side and also seriously degrades the network performance. The objective of this paper is to provide a general overview of jamming in wireless networks. It covers relevant works, different jamming techniques, various types of jammers and typical prevention techniques. Challenges associated with comparing several anti-jamming techniques are also highlighted.
Abstract: The Radio Frequency Identification (RFID) technology has a diverse base of applications, but it is also prone to security threats. There are different types of security attacks which limit the range of the RFID applications. For example, deploying the RFID networks in insecure environments could make the RFID system vulnerable to many types of attacks such as spoofing attack, location traceability attack, physical attack and many more. Therefore, security is often an important requirement for RFID systems. In this paper, RFID mutual authentication protocol is implemented based on mobile agent technology and timestamp, which are used to provide strong authentication and integrity assurances to both the RFID readers and their corresponding RFID tags. The integration of mobile agent technology and timestamp provides promising results towards achieving this goal and towards reducing the security threats in RFID systems.
Abstract: Mobile Ad Hoc Networks (MANETs) is a collection of mobile devices forming a communication network without infrastructure. MANET is vulnerable to security threats due to network’s limited security, dynamic topology, scalability and the lack of central management. The Quality of Service (QoS) routing in such networks is limited by network breakage caused by node mobility or nodes energy depletions. The impact of node mobility on trust establishment is considered and its use to propagate trust through a network is investigated in this paper. This work proposes an enhanced Associativity Based Routing (ABR) with Fuzzy based Trust (Fuzzy-ABR) routing protocol for MANET to improve QoS and to mitigate network attacks.
Abstract: Most of the existing video streaming protocols provide video services without considering security aspects in decentralized mobile ad-hoc networks. The security policies adapted to the currently existing non-streaming protocols, do not comply with the live video streaming protocols resulting in considerable vulnerability, high bandwidth consumption and unreliability which cause severe security threats, low bandwidth and error prone transmission respectively in video streaming applications. Therefore a synergized methodology is required to reduce vulnerability and bandwidth consumption, and enhance reliability in the video streaming applications in MANET. To ensure the security measures with reduced bandwidth consumption and improve reliability of the video streaming applications, a Secure Low-bandwidth Video Streaming through Reliable Multipath Propagation (SLVRMP) protocol architecture has been proposed by incorporating the two algorithms namely Secure Low-bandwidth Video Streaming Algorithm and Reliable Secure Multipath Propagation Algorithm using Layered Video Coding in non-overlapping zone routing network topology. The performances of the proposed system are compared to those of the other existing secure multipath protocols Sec-MR, SPREAD using NS 2.34 and the simulation results show that the performances of the proposed system get considerably improved.
Abstract: The implementation of e-assessment as a tool to support the process of teaching and learning in university has become a popular technological means in universities. E-Assessment provides many advantages to the users, especially the flexibility in teaching and learning. The e-assessment system has the capability to improve its quality of delivering education. However, there still exists a drawback in terms of security which limits the user acceptance of the online learning system. Even though there are studies providing solutions for identified security threats in e-learning usage, there is no particular model which addresses the factors that influence the acceptance of the e-assessment system by lecturers from a security perspective. The aim of this study is to explore security aspects of e-assessment in regard to the acceptance of the technology. As a result, a conceptual model of secure acceptance of e-assessment is proposed. Both human and security factors are considered in the formulation of this conceptual model. In order to increase understanding of critical issues related to the subject of this study, an interpretive approach involving a convergent mixed method research method is proposed to be used to execute the research. This study will be useful in providing more insightful understanding regarding the factors that influence the user acceptance of the e-assessment system from a security perspective.
Abstract: Every machine plays roles of client and server simultaneously in a peer-to-peer (P2P) network. Though a P2P network has many advantages over traditional client-server models regarding efficiency and fault-tolerance, it also faces additional security threats. Users/IT administrators should be aware of risks from malicious code propagation, downloaded content legality, and P2P software’s vulnerabilities. Security and preventative measures are a must to protect networks from potential sensitive information leakage and security breaches. Bit Torrent is a popular and scalable P2P file distribution mechanism which successfully distributes large files quickly and efficiently without problems for origin server. Bit Torrent achieved excellent upload utilization according to measurement studies, but it also raised many questions as regards utilization in settings, than those measuring, fairness, and Bit Torrent’s mechanisms choice. This work proposed a block selection technique using Fuzzy ACO with optimal rules selected using ACO.
Abstract: Economic development and globalization of international markets have created a favourable atmosphere for the emergence of new forms of crime such as money laundering or financing of terrorism, which may contribute to destabilizing and damaging economic systems. In particular, money laundering has acquired great importance since the 11S attacks, which has caused, on the one hand, the establishment and development of preventive measures and, on the other hand, a progressive hardening of penal measures. Since then, the regulations imposed to fight against money laundering have been viewed as key components also in the fight against terrorist financing. Terrorism, at the beginning, was a “national” crime connected with internal problems of the State (for instance the RAF in Germany or ETA in Spain) but in the last 20 years has started to be an international problem that is connected with the defence and security of the States. Therefore, the new strategic concept for the defense and security of NATO has a comprehensive list of security threats to the Alliance, such as terrorism, international instability, money laundering or attacks on cyberspace, among others. With this new concept, money laundering and terrorism have become a priority in the national defense.
In this work we will analyze the methods to combat these new threats to the national security. We will study the preventive legislations to combat money laundering and financing of terrorism, the UIF that exchange information between States, and the hawala-Banking.
Abstract: A Mobile Ad-hoc Network (MANET) is a self-managing network consisting of versatile nodes that are capable of communicating with each other without having any fixed infrastructure. These nodes may be routers and/or hosts. Due to this dynamic nature of the network, routing protocols are vulnerable to various kinds of attacks. The black hole attack is one of the conspicuous security threats in MANETs. As the route discovery process is obligatory and customary, attackers make use of this loophole to get success in their motives to destruct the network. In a black hole attack the packet is redirected to a node that actually does not exist in the network. Many researchers have proposed different techniques to detect and prevent this type of attack. In this paper, we have analyzed various routing protocols in this context. Further, we have shown a critical comparison among various protocols. We have shown that various routing metrics are required for proper and significant analysis of the protocol.
Abstract: Advancement of communication technologies and smart devices in the recent times is leading to changes into the integrated wired and wireless communication environments. Since early days, businesses had started introducing environments for mobile device application to their operations in order to improve productivity (efficiency) and the closed corporate environment gradually shifted to an open structure. Recently, individual user's interest in working environment using mobile devices has increased and a new corporate working environment under the concept of BYOD is drawing attention. BYOD (bring your own device) is a concept where individuals bring in and use their own devices in business activities. Through BYOD, businesses can anticipate improved productivity (efficiency) and also a reduction in the cost of purchasing devices. However, as a result of security threats caused by frequent loss and theft of personal devices and corporate data leaks due to low security, companies are reluctant about adopting BYOD system. In addition, without considerations to diverse devices and connection environments, there are limitations in detecting abnormal behaviors, such as information leaks, using the existing network-based security equipment. This study suggests a method to detect abnormal behaviors according to individual behavioral patterns, rather than the existing signature-based malicious behavior detection, and discusses applications of this method in BYOD environment.
Abstract: In today's world, the success of most systems depends on the use of new technologies and information technology (IT), which aim to increase the efficiency and satisfaction of users. One of the most important systems that use information technology to deliver services is the education system. But for educational services in the form of E-learning systems, hardware and software equipment should be of high quality, which requires substantial investment. Because the vast majority of educational establishments cannot invest in this area, the best way for them is to reduce costs and provide E-learning services by using cloud computing. But owing to the novelty of cloud technology, it can create challenges and concerns, the most noted among which are security issues. Security concerns about cloud-based E-learning products are critical, and security measures are essential to protect valuable data of users from security vulnerabilities in products. Thus, these products succeed if customers meet security requirements and can then overcome security threats. This paper tries to explore cloud computing and its positive impact on E-learning, with the main focus on identifying security issues related to cloud-based E-learning and the efforts that have been made to improve security and provide solutions to management challenges.