A multi-layered blockchain framework for smart mobility datamarkets
یک چارچوب بلاکچین چند لایه برای بانک اطلاعاتی تحرک هوشمند-2019
Blockchain has the potential to render the transaction of information more secure and transparent. Nowadays, transportation data are shared across multiple entities using heterogeneous mediums, from paper collected data to smartphone. Most of this data are stored in central servers that are susceptible to hacks. In some cases shady actors who may have access to such sources, share the mobility data with unwanted third parties. A multi-layered Blockchain framework for Smart Mobility Data-market (BSMD) is presented for addressing the associated privacy, security, management, and scalability challenges. Each participant shares their encrypted data to the blockchain network and can transact information with other participants as long as both parties agree to the transaction rules issued by the owner of the data. Data ownership, transparency, auditability and access control are the core principles of the proposed blockchain for smart mobility data-market. In a case study of real-time mobility data sharing, we demonstrate the performance of BSMD on a 370 nodes blockchain running on heterogeneous and geographicallyseparated devices communicating on a physical network. We also demonstrate how BSMD ensures the cybersecurity and privacy of individual by safeguarding against spoofing and message interception attacks and providing information access management control.
Keywords: Blockchain | Privacy | Cybersecurity | Mobility | Big Data
Snatched secrets: Cybercrime and trade secrets modelling a firms decision to report a theft of trade secrets
اسرار ربوده شده: جرایم سایبری و اسرار تجاری مدل سازی تصمیم یک شرکت برای گزارش سرقت اسرار تجاری-2019
Cybercrime and economic espionage are increasing problems for firms. We build on US FBI policy to frame the interaction between a cybercrime victim firm and a government security agency. We bring together several strands in the literature to model the strategies of the firm, which has suffered a cy- ber breach and theft of trade secrets, and the government security agency, which must investigate and prosecute crimes. We investigate the interactions between these two players, in which the firm has pri- vate information about its cybersecurity investment. This investment level is unknown to the security agency, which must nonetheless decide how to prioritize reported crime. We model this asymmetric in- formation problem within a game theoretic signaling framework derived from Becker’s work in crime and punishment. We suggest that such a framework can inform policy to encourage security investments by firms and more efficient resource utilization by security agencies. We particularly focus on an illustrative stylized example to highlight how our modelling approach can be helpful. In this example we compare two worlds; one where all security breaches become public knowledge and another where only reported breaches become public knowledge. We then formulate two potentially testable Hypotheses and several implications of these Hypotheses. Case studies and a policy analysis further highlight how our framework plays out in reality
Keywords: Cyber security | Cybercrime | Trade secrets | Economic espionage | Cyber breaches
Policy specification and verification for blockchain and smart contracts in 5G networks
مشخصات و تأیید خط مشی قراردادهای بلاکچین و هوشمند در شبکه های 5G-2019
Blockchain offers unprecedented opportunities for innovation in financial transactions. A whole new world of opportunities for banking, lending, insurance, money transfer, investments, and stock markets awaits. However, the potential for wide-scale adoption of blockchain is hindered with cybersecurity and privacy issues. We provide an overview of the risks and security requirements and give an outlook for future research that could be helpful in solving some of the challenges. We also present an approach for policy specification and verification of financial transactions based on smart contracts.
Keywords: Blockchain | Security policy | Smart contract | 5G networks
Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches
حمله و تشخیص ناهنجاری در سنسورهای IoT در سایت های IoT با استفاده از روشهای یادگیری ماشین-2019
Attack and anomaly detection in the Internet of Things (IoT) infrastructure is a rising concern in the domain of IoT. With the increased use of IoT infrastructure in every do- main, threats and attacks in these infrastructures are also growing commensurately. De- nial of Service, Data Type Probing, Malicious Control, Malicious Operation, Scan, Spying and Wrong Setup are such attacks and anomalies which can cause an IoT system failure. In this paper, performances of several machine learning models have been compared to predict attacks and anomalies on the IoT systems accurately. The machine learning (ML) algorithms that have been used here are Logistic Regression (LR), Support Vector Machine (SVM), Decision Tree (DT), Random Forest (RF), and Artificial Neural Network (ANN). The evaluation metrics used in the comparison of performance are accuracy, precision, recall, f1 score, and area under the Receiver Operating Characteristic Curve. The system obtained 99.4% test accuracy for Decision Tree, Random Forest, and ANN. Though these techniques have the same accuracy, other metrics prove that Random Forest performs comparatively better.
Keywords: Internet of Things (IoT) | Machine Learning | Cybersecurity | Anomaly detection
A survey on cybersecurity, data privacy, and policy issues in cyber-physical system deployments in smart cities
مروری بر امنیت سایبری ، حریم خصوصی داده ها و مسائل مربوط به سیاست در استقرار سیستم سایبر فیزیکی در شهرهای هوشمند-2019
Deployments of Cyber Physical Systems (CPSs) in smart cities are poised to significantly improve healthcare, transportation services, utilities, safety, and environmental health. However, these efficiencies and service improvements will come at a price: increased vulnerability and risk. Smart city deployments have already begun to proliferate, as have the upsides, efficiencies, and cost-savings they can facilitate. There are, however, proliferating challenges and costs as well. These challenges include important technical questions, but equally important policy and organizational questions. It is important to understand that these policy and technical implementation hurdles are perhaps equally likely to slow or disable smart city implementation efforts. In this paper, a survey of the theoretical and practical challenges and opportunities are enumerated not only in terms of their technical aspects, but also in terms of policy and governance issues of concern..
Keywords: Smart cities | Cyber security | Government policy making | Cryptography | Security and privacy | Authentication
Friction, snake oil, and weird countries: Cybersecurity systems could deepen global inequality through regional blocking
اصطکاک، روغن مار، و کشورهای عجیب و غریب: سیستم های امنیت سایبری می تواند نابرابری جهانی را از طریق مسدود سازی منطقه ای تقویت کند-2019
In this moment of rising nationalism worldwide, governments, civil society groups, transnational companies, and web users all complain of increasing regional fragmentation online. While prior work in this area has primarily focused on issues of government censorship and regulatory compliance, we use an inductive and qualitative approach to examine targeted blocking by corporate entities of entire regions motivated by concerns about fraud, abuse, and theft. Through participant-observation at relevant events and intensive interviews with experts, we document the quest by professionals tasked with preserving online security to use new machine-learning based techniques to develop a ‘‘fairer’’ system to determine patterns of ‘‘good’’ and ‘‘bad’’ usage. However, we argue that without understanding the systematic social and political conditions that produce differential behaviors online, these systems may continue to embed unequal treatments, and troublingly may further disguise such discrimination behind more complex and less transparent automated assessment. In order to support this claim, we analyze how current forms of regional blocking incentivize users in blocked regions to behave in ways that are commonly flagged as problematic by dominant security and identification systems. To realize truly global, non-Eurocentric cybersecurity techniques would mean incorporating the ecosystems of service utilization developed by marginalized users rather than reasserting norms of an imagined (Western) user that casts aberrations as suspect.
Keywords: Regional blocking | machine learning | classification | inequality | discrimination | security
Crime control in the sphere of information technologies in the Republic of Turkey
کنترل جرم در حوزه فناوری های اطلاعات در جمهوری ترکیه-2019
Cybercrime is considered an issue of both local and global concern. Therefore, this study focuses on the local experience in cybercrime control of different countries, including the Republic of Turkey. The article discusses issues in cybersecurity policy and analyzes the legislative framework of the Republic of Turkey on cybercrime issues. The findings underlie the continuing education policy for cybersecurity employees. The study concludes that Turkey handles the current cybercrime situation with efficiency.
Keywords: Cybercrime | Unauthorized access | Criminal law | Ratification | Training of police officers
Deep Learning Clusters in the Cognitive Packet Network
خوشه های یادگیری عمیق در شبکه بسته های شناختی-2019
The Cognitive Packet Network (CPN) bases its routing decisions and flow control on the Random Neural Network (RNN) Reinforcement Learning algorithm; this paper proposes the addition of a Deep Learning (DL) Cluster management structure to the CPN for Quality of Service metrics (Delay Loss and Bandwidth), Cyber Security keys (User, Packet and Node) and Management decisions (QoS, Cyber and CEO). The RNN already models how neurons transmit information using positive and negative impulsive signals whereas the proposed additional Deep Learning structure emulates the way the brain learns and takes decisions; this paper presents a brain model as the combination of both learning algorithms, RNN and DL. The pro- posed model has been simulated under different network sizes and scenarios and it has been validated against the CPN itself without DL clusters. The simulation results are promising; the presented CPN with DL clusters as a mechanism to transmit, learn and make packet routing decisions is a step closer to em- ulate the way the brain transmits information, learns the environment and takes decisions.
Keywords: Random Neural Network | Deep Learning Clusters | Cognitive Packet Network | QoS | Cybersecurity | Routing
Blockchain-based mechanism for fine-grained authorization in data crowdsourcing
مکانیسم مبتنی بر بلاکچین برای مجوز دانه ریز در جمع آوری داده ها-2019
Data crowdsourcing is a distributed data acquisition method to efficiently collect a sizeable amount of high-quality data from a large network of contributors who participate in data trading activities. However, traditional data crowdsourcing platforms are almost invariably based on a centralized architecture, which tends to give unfair advantages to the platform operator; besides, centralized platforms are obvious targets for cybersecurity attacks and become a single point of failure. Furthermore, a centralized approach with stringent security control also suffers from serious scalability issue. For example, if data owners manage a database with large amounts of valuable data, they have to retrieve data from their database in accordance with certain access policies and encrypt retrieved data for each requester; hence they become bottlenecks in the data trading process when the number of requesters is very large. To address the above issues, we propose a blockchain-based mechanism for fine-grained authorization in data crowdsourcing (BC-FGA-DCrowd). In the BC-FGA-DCrowd scheme, we use a public blockchain to implement cryptocurrencies and payment services as incentive schemes for data trading platform users. With this approach, data owners can employ Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to pre-process the complex encryption workload, and generate the attribute private key for data requester to achieve the fine-grained authorization. In this paper, we also prove that the BC-FGA-DCrowd scheme satisfies the correctness and fairness requirements of data trading, and can effectively withstand malicious activities of internal users and external DDos and Sybil attackers. The approach was tested on a private Ethereum network using Ganache with a local host.
Keywords: Data crowdsourcing | Blockchain | Smart contracts | Fine-grained authorization | Data trade
Security challenges with network functions virtualization
چالش های امنیتی با توابع شبکه مجازی سازی -2017
The advent of network functions virtualization (NFV) has revolutionized numerous network-based applications due to its several benefits such as flexibility, manageability, scalability, and security. By the software-based virtualization of network functions on a single infrastructure, NFV provides users with a framework that dynamically provisions various network services in a flexible manner. However, NFV faces several security challenges (e.g., multi-tenancy and live migration) which make it vulnerable to some cybersecurity attacks (e.g., side-channel attacks and shared resource misuse attacks). In this paper, we provide an overview of NFV, discuss potentially serious security threats on NFV and introduce effective countermeasures to mitigate those threats. Finally, we suggest some practical solutions to provide a trustworthy platform for NFV.
Keywords: Network functions virtualization | Network security | Virtualized network function | Security threats