ARTICLE | doi:10.20944/preprints202112.0135.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: Information theoretic privacy; secure function computation; remote source; distributed computation.
Online: 8 December 2021 (14:33:36 CET)
The problem of reliable function computation is extended by imposing privacy, secrecy, and storage constraints on a remote source whose noisy measurements are observed by multiple parties. The main additions to the classic function computation problem include 1) privacy leakage to an eavesdropper is measured with respect to the remote source rather than the transmitting terminals’ observed sequences; 2) the information leakage to a fusion center with respect to the remote source is considered as a new privacy leakage metric; 3) the function computed is allowed to be a distorted version of the target function, which allows to reduce the storage rate as compared to a reliable function computation scenario in addition to reducing secrecy and privacy leakages; 4) two transmitting node observations are used to compute a function. Inner and outer bounds on the rate regions are derived for lossless and lossy single-function computation with two transmitting nodes, which recover previous results in the literature. For special cases that include invertible and partially-invertible functions, and degraded measurement channels, exact lossless and lossy rate regions are characterized, and one exact region is evaluated for an example scenario.
ARTICLE | doi:10.20944/preprints202001.0229.v1
Subject: Mathematics & Computer Science, General & Theoretical Computer Science Keywords: unmanned aerial vehicle networks (UAVNs); secure communication; agent-based self-protective; HIS
Online: 21 January 2020 (03:02:34 CET)
UAVNs (unmanned aerial vehicle networks) may become vulnerable to threats and attacks due to their characteristic features such as high mobility, highly dynamic network topology, and open-air wireless environments. Since previous work has focused on classical and metaheuristic-based approaches, none of these approaches have a self-adaptive approach. In this article, we examine the challenges of cyber detection methods to secure UAVNs and review exiting security schemes proposed in the current literature. Furthermore, we propose an agent-based self-protective method (ASP-UAVN) for UAVNs that is based on the Human Immune System (HIS). In ASP-UAS, the safest route from the source UAV to the destination UAV is chosen according to a self-protective system. In this method, a multi-agent system using an Artificial Immune System (AIS) is employed to detect the attacking UAV and choose the safest route. In the proposed ASP-UAVN, the route request packet (RREQ) is initially transmitted from the source UAV to the destination UAV to detect the existing routes. Then, once the route reply packet (RREP) is received, a self-protective method using agents and the knowledge base is employed to choose the safest route and detect the attacking UAVs. The method is evaluated here via extensive simulations carried out in the NS-3 environment. The experimental results of four scenarios demonstrated that the ASP-UAS increases the Packet Delivery Rate (PDR) by more than 17.4, 20.8, and 25.91%, and detection rate by more than 17.2, 23.1, and 29.3%, and decreases the Packet Loss Rate (PLR) by more than 14.4, 16.8, and 20.21%, the false-positive and false-negative rate by more than 16.5, 25.3, and 31.21% those of SUAS-HIS, SFA and BRUIDS methods, respectively.
CASE REPORT | doi:10.20944/preprints202212.0468.v1
Subject: Behavioral Sciences, Clinical Psychology Keywords: Mentalization; Secure Attachment; Nonsuicidal Self-Injury; Adolescents
Online: 26 December 2022 (03:50:08 CET)
This paper, which is one of the few in the world dealing with this topic, presented the psychologist's work based on the concepts of mentalization and internal working models (IWMs) of attachment, with an adolescent girl who was prone to nonsuicidal self-injury. Gaga, a student in the first grade of high school, had visible scars from cutting her hands on the inner sides of both forearms. Gaga told the psychologist that her mother believes that this is an attempt to draw attention to her problems, and even a suicide attempt. Together with Gaga, the psychologist made a formulation of her mental difficulties. The main aim of the psychologist's work with Gaga was to control unpleasant impulses and emotions, so as to eliminate self-injury. This aim has been achieved through three global tasks: 1) that Gaga, in the relationship with the psychologist, builds her IWMs as positive, so that she can see herself as a person who is worthy of the love and support of close people; 2) to develop a stable capacity for mentalization; 3) to apply this acquired skills in the interpretation of her affective experiences. The mentalizing approach in working with Gaga was based on an attitude of emotional warmth, acceptance and authentic interest in her inner world. The psychologist's work with Gaga led to her better self-control, which resulted in the cessation of her self-injury. In her work with a psychologist, Gaga acquired positive IWMs, which she transferred into other significant interpersonal relationships.
COMMUNICATION | doi:10.20944/preprints202301.0335.v2
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: Cloud Computing; Data Protection; Secure Communication; Middleware; Protocols
Online: 30 January 2023 (09:24:01 CET)
In recent years, Cloud Computing and Big Data have been considered the most attractive areas that are revolutionizing the IT world. Cloud Computing paradigm has recently appeared that allows running proprietary or difficult portable applications outside their original software environment on one or more virtual hardware platforms. Therefore, we are to developing such techniques which make it possible to secure communication between the communicating Cloud entities. These techniques must take into account several factors due to the data transmitted in this type of environment is proprietary and of significant size. Conventional data security techniques are not suitable for today's cloud usage. Hence, the main research of this thesis is to define an adaptable architecture with the aim to propose a scalable system that supports cloud services. We will define feasible security solutions dedicated to the Cloud computing context in order to robustly protect data stored in the Cloud. We are more precisely looking for working on NoSQL databases. We also intend to propose a secure solution based on the blockchain that has powerful features like decentralization, autonomy, security, reliability, and transparency.
ARTICLE | doi:10.20944/preprints202208.0382.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: IP traceback; smart mesh Microgrid; NS-3; real secure testbed
Online: 22 August 2022 (11:16:04 CEST)
Today's major challenge for smart Microgrids is to ensure the security of communications in a large number of changing data sets that are vulnerable to attacks by denial of services in constant evolution. The Internet Protocol Traceback defines a set of methods that help identify the source of an attack with minimal requirements for memory and processing. However, the concept of Traceback is not yet being used in smart Microgrids. As a result, the main challenge of this article is to incorporate a new Traceback approach into the cybernetic system of a smart mesh Microgrid, which can be tested using a network simulator (NS-3) based on delay, debit, and packet loss rate parameters. In fact, the simulation results show the efficacy of this approach compared to others existing in the literature. Furthermore, using the proposed Traceback technique and the mesh nodes, we were able to create a smart meshed Microgrid. Moreover, using the Traceback approach given for merging Intel Galileo Gen.1 nodes with the Compex WLE200NX.11a/b/g/n to establish a secure test bench, which is deployed as a prototype at the Sfax Digital Research Center in Tunisia, we were able to create an intelligent Microgrid. In fact, by identifying all attack vectors and revealing their origins, we could boost the efficiency of our operation by 100%.
REVIEW | doi:10.20944/preprints202206.0209.v1
Subject: Mathematics & Computer Science, Other Keywords: Quantum cryptography; Oblivious transfer; Secure multiparty computation; Private database query
Online: 15 June 2022 (02:31:33 CEST)
Quantum cryptography is the field of cryptography that explores the quantum properties of matter. Its aim is to develop primitives beyond the reach of classical cryptography or to improve on existing classical implementations. Although much of the work in this field has been dedicated to quantum key distribution (QKD), some important steps were made towards the study and development of quantum oblivious transfer (QOT). It is possible to draw a comparison between the application structure of both QKD and QOT primitives. Just as QKD protocols allow quantum-safe communication, QOT protocols allow quantum-safe computation. However, the conditions under which QOT is actually quantum-safe have been subject to a great amount of scrutiny and study. In this review article, we survey the work developed around the concept of oblivious transfer in the area of theoretical quantum cryptography, with an emphasis on some proposed protocols and their security requirements. We review the impossibility results that daunt this primitive and discuss several quantum security models under which it is possible to prove QOT security.
ARTICLE | doi:10.20944/preprints202009.0478.v1
Subject: Keywords: Software development; SDLC; Secure software development challenges; security development lifecycle
Online: 20 September 2020 (14:48:42 CEST)
The main focus of this paper is to analyze and discuss the secure software development practices currently being adopted in the industry along with their significance, as well as to identify the challenges faced by developers when undertaking measures and techniques in writing secure software. It is a well-known fact that software security has been the top priority of many software companies such as Google and Facebook to thwart attackers and protect user data in this world full of cybercriminals. Understanding how most software companies in the industry operate to ensure security helps developers to identify strengths and weaknesses in their current security frameworks. Hence, by researching into previous literature and papers that are relevant to the topic and by conducting an interview with a professional in the field, this paper provides insights on the most popular secure software development framework and practices in the world as well as problems faced by companies when adopting these practices. Several security practices and activities that are required to create secure software are discovered alongside the problems that arise when companies are trying to apply these practices. This paper also proposes a few solutions that can be used to resolve these problems, which can be easily understood and implemented by software companies to transition into a truly secure software development environment.
ARTICLE | doi:10.20944/preprints202007.0502.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: COVID-19; contact tracing; privacy concern; secure communication; healthcare data; blockchain
Online: 22 July 2020 (06:19:47 CEST)
Contact tracing has become an indispensable tool of various extensive measures to control the spread of COVID-19 pandemic due to novel coronavirus. This essential tool helps to identify, isolate and quarantine the contacted persons of a COVID-19 patient. However, the existing contact tracing applications developed by various countries, health organizations to trace down the contacts after identifying a COVID-19 patient suffers from several security and privacy concerns. In this work, we have identified those security and privacy issues of several leading contact tracing applications and proposed a blockchain-based framework to overcome the major security and privacy challenges imposed by the applications. We have discussed the security and privacy measures that are achieved by the proposed framework to show the effectiveness against the security and privacy issues raised by the existing mobile contact tracing applications.
Subject: Engineering, Automotive Engineering Keywords: Automotive development; Secure SDLC; Evidence-based standard; ISO/SAE 21434; UNECE cybersecurity regulation
Online: 9 December 2020 (10:59:57 CET)
Although traditional automotive development has mainly focused on functional safety, as the number of automotive hacking cases has increased due to the growing Internet connectivity of automotive control systems, security is also becoming more important. Accordingly, various international organizations are preparing cybersecurity regulations or standards to ensure security in automotive development by emphasizing the concept of security-by-design(i.e. security engineering) which emphasizes trustworthiness from the beginning of development. The problem, however, is that no specific methodology has been suggested. In this paper, we propose a specific security-by-design methodology for automotive development based on Secure System Development Life Cycle (secure SDLC) standards and evidence-based standards. Our methodology could be easily used in the actual field as it is more general and detailed than existing secure SDLC standards and research. Also, since it satisfies all requirements of United Nations Economic Commission for Europe (UNECE) regulation, automobile manufacturers could respond to the upcoming cybersecurity regulation with our methodology.
ARTICLE | doi:10.20944/preprints202008.0603.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: secure boot; cyber-physical system security; embedded systems; FPGA; hardware primitives; IoT security
Online: 27 August 2020 (08:49:02 CEST)
Reconfigurable computing is becoming ubiquitous in the form of consumer-based Internet of Things (IoT) devices. Reconfigurable computing architectures have found their place in safety-critical infrastructures such as the automotive industry. As the target architecture evolves, it also needs to be updated remotely on the target platform. This process is susceptible to remote hijacking, where the attacker can maliciously update the reconfigurable hardware target with tainted hardware configuration. This paper proposes an architecture of establishing Root of Trust at the hardware level using cryptographic co-processors and Trusted Platform Modules (TPMs) and enable over the air updates. The proposed framework implements secure boot protocol on Xilinx based FPGAs. The project demonstrates the configuration of the bitstream, boot process integration with TPM and secure over-the-air updates for the hardware reconfiguration.
ARTICLE | doi:10.20944/preprints202005.0117.v1
Subject: Medicine & Pharmacology, General Medical Research Keywords: Coronaviruses; Blockchain Technology; COVID-19; Smart Contracts; Data Exchange; Secure; Distributed Ledger Technology; Healthcare
Online: 7 May 2020 (10:10:00 CEST)
WHO was informed on 31 December 2019 of cases of unknown cause pneumonia in Wuhan City, China. On 7 January 2020 Chinese authorities reported a novel coronavirus as the cause and was temporarily labeled "2019-nCoV." Coronaviruses (CoV) are a wide family of viruses which cause diseases ranging from common cold to more serious illnesses. A novel coronavirus (nCoV) is a new strain not previously found in humans. Countries around the globe have stepped up their surveillance to quickly detect any new 2019-nCoV cases. Blockchain is developing into a safe and efficient network for secure data sharing in applications such as the financial industry, operations management, food industry, energy market, the Internet of Things and healthcare. In this paper, we are using blockchain technology as a mean to share authentic data, tracking of relevant information and help speed up the treatment process. At the same time it will preserve person’s identity. Timely deployment and suitable implementation of the proposed model have the opportunity to curb COVID-19 transmissions and associated mortality, especially in environments with inadequate access to testing facilities. This work will also facilitate in the treatment of other infectious diseases. Smart contract have been designed and implemented using the ethereum blockchain platform which has been presented in this paper. This work would facilitate multiple stakeholders who are involved within the medical system to curb the transmission of this disease.
ARTICLE | doi:10.20944/preprints202103.0406.v1
Subject: Mathematics & Computer Science, Algebra & Number Theory Keywords: cyber security; secure development; prototyping; web security; internet of things; software security; digitalization; socio-technical security
Online: 16 March 2021 (09:24:24 CET)
Secure development is a proactive approach to cyber security. Rather than building a technological solution and then securing it in retrospect, secure development strives to embed good security practices throughout the development process and thereby reduces risk. Unfortunately, evidence suggests secure development is complex, costly, and limited in practice. This article therefore introduces security-focused prototyping as a natural precursor to secure development that embeds security at the beginning of the development process, can be used to discover domain specific security requirements, and can help organisations navigate the complexity of secure development such that the resources and commitment it requires are better understood. Two case studies–one considering the creation of a bespoke web platform and the other considering the application layer of an Internet of Things system–verify the potential of the approach and its ability to discover domain specific security requirements in particular. Future work could build on this work by conducting case studies to further verify the potential of security-focused prototyping and even investigate its capacity to be used as a tool capable of reducing a broader, socio-technical, kind of risk.
ARTICLE | doi:10.20944/preprints202004.0362.v1
Subject: Mathematics & Computer Science, Other Keywords: Internet of Things (IoT); security goals; security guidelines; IoT assets; IoT security level certificates; countermeasures; IoT attacks; secure IoT frameworks
Online: 20 April 2020 (12:04:32 CEST)
Internet of Things (IoT) provides a huge business value for customers, organizations, and governments due to the developments of so many applications in different sectors like energy and healthcare. Nevertheless, as a new emerging technology, IoT faces several security concerns that are more challenging than conventional Internet because of its limited resources as well as its complex ecosystem. Toward this end, we first highlight IoT security challenges and briefly discuss its security goals like confidentiality and integrity. Second, we discuss the most common attacks against IoT, along with their violated security goals. We also review the existing frameworks of security and privacy guidelines for IoT and illustrate their shortcomings. Third, we propose a novel framework for securing IoT objects, the key objective of which is to assign different Security Level Certificates (SLCs) for IoT objects based on their hardware capabilities and protection measures. Objects with SLCs, therefore, will be able to communicate with each other or with the Internet in a secure manner. The proposed framework is composed of five main phases. In phase 1, we classify IoT assets into four components: (i) physical objects, (ii) protocols, (iii) data at rest, and (iv) software, which includes operating systems, middlewares, and applications. We also classify IoT objects into five categories based on their hardware capabilities. In phase 2, we propose security and privacy guidelines for previously mentioned IoT assets, along with their protection measures. In phase 3, we classify protection measures into five SLCs, and then we assign different SLCs for IoT objects. In phase 4: we develop a communication plan between objects based on their SLCs. In phase 5, we propose a four-step method to seamlessly integrate our objects with legacy objects ( objects are not developed according to our framework). Fourth, the feasibility and application of this framework are illustrated using smart homes as a case study. Finally, we investigate how our framework would lessen several attacks and threats against IoT like routing attacks and physical damage. We also provide qualitative arguments to show that this framework could be utilized to solve some of IoT security challenges such as tight resource constrains. Moreover, we discuss the shortcomings of our suggested framework.
ARTICLE | doi:10.20944/preprints201810.0088.v1
Subject: Materials Science, Biomaterials Keywords: There are many molecules used as drug carrier. TUD-1 is a newly synthesized mesoporous silica (SM) molecule possess two important features; consists of mesoporous so it is very suitable to be drug carrier in addition to that it has the ability to induce apoptosis in cancer cells. However, the effect of TUD-1 appears to act as cell death inducer, regardless of whether it is necrosis or apoptosis. Unfortunately, recent studies indicate that a proportion of cells undergo necrosis rather than apoptosis, which limits the use of TUD-1 as a secure treatment. On the other hand, lithium considered as necrosis inhibitor element. Hence, current study based on the idea of production a new Li/TUD-1 by incorporated mesoporous silica (TUD-1 type) with lithium in order to produce a new compound that has the ability to activate apoptosis by mesoporous silica (TUD-1 type) and at the same time can inhibit the activity of necrosis by lithium. Herein, lithium was incorporated in TUD-1 mesoporous silica by
Online: 4 October 2018 (15:54:02 CEST)
There are many molecules used as drug carrier. TUD-1 is a newly synthesized mesoporous silica (SM) molecule possess two important features; consists of mesoporous so it is very suitable to be drug carrier in addition to that it has the ability to induce apoptosis in cancer cells. However, the effect of TUD-1 appears to act as cell death inducer, regardless of whether it is necrosis or apoptosis. Unfortunately, recent studies indicate that a proportion of cells undergo necrosis rather than apoptosis, which limits the use of TUD-1 as a secure treatment. On the other hand, lithium considered as necrosis inhibitor element. Hence, current study based on the idea of production a new Li/TUD-1 by incorporated mesoporous silica (TUD-1 type) with lithium in order to produce a new compound that has the ability to activate apoptosis by mesoporous silica (TUD-1 type) and at the same time can inhibit the activity of necrosis by lithium. Herein, lithium was incorporated in TUD-1 mesoporous silica by using sol-gel technique in one step synthesis procedure. Moreover, lithium was incorporated in TUD-1 with different loading in order to form different active sites such as isolated lithium ions, nanoparticles of Li2O, and bulky crystals of Li2O. The ability of the new compounds to induce apoptosis and prevent necrosis was evaluated on three different types of cancer cell lines which are; liver HepG-2, Breast MCF-7 and colon HCT116. The obtained results show that Li/TUD-1has the ability to control necrosis and thus reduce the side effects of treatments containing silica in the case of lithium has been added to them, especially in chronic cases. This has been demonstrated by the significant increase in the IC50 value and cell viability comparing to control groups. Consequently, the idea is new, so it definitely needs more develop and test with materials that have more apoptotic impact than silica in order to induce apoptosis without induction of necrosis.