security vulnerabilities
Recently Published Documents





2022 ◽  
Vol 54 (9) ◽  
pp. 1-37
Pasika Ranaweera ◽  
Anca Jurcut ◽  
Madhusanka Liyanage

The future of mobile and internet technologies is manifesting advancements beyond the existing scope of science. The concepts of automated driving, augmented-reality, and machine-type-communication are quite sophisticated and require an elevation of the current mobile infrastructure for launching. The fifth-generation (5G) mobile technology serves as the solution, though it lacks a proximate networking infrastructure to satisfy the service guarantees. Multi-access Edge Computing (MEC) envisages such an edge computing platform. In this survey, we are revealing security vulnerabilities of key 5G-based use cases deployed in the MEC context. Probable security flows of each case are specified, while countermeasures are proposed for mitigating them.

2022 ◽  
Vol 54 (9) ◽  
pp. 1-36
Konstantinos Arakadakis ◽  
Pavlos Charalampidis ◽  
Antonis Makrogiannakis ◽  
Alexandros Fragkiadakis

The devices forming Internet of Things (IoT) networks need to be re-programmed over the air, so that new features are added, software bugs or security vulnerabilities are resolved, and their applications can be re-purposed. The limitations of IoT devices, such as installation in locations with limited physical access, resource-constrained nature, large scale, and high heterogeneity, should be taken into consideration for designing an efficient and reliable pipeline for over-the-air programming (OTAP). In this work, we present a survey of OTAP techniques, which can be applied to IoT networks. We highlight the main challenges and limitations of OTAP for IoT devices and analyze the essential steps of the firmware update process, along with different approaches and techniques that implement them. In addition, we discuss schemes that focus on securing the OTAP process. Finally, we present a collection of state-of-the-art open-source and commercial platforms that integrate secure and reliable OTAP.

IEEE Access ◽  
2022 ◽  
pp. 1-1
Satpal Singh Kushwaha ◽  
Sandeep Joshi ◽  
Dilbag Singh ◽  
Manjit Kaur ◽  
Heung-No Lee

2021 ◽  
Vol 4 (2) ◽  
pp. 55-68
Seyed Ghorashi

The Internet of Things (IoT) and Wireless Sensor Network (WSN) devices are prone to security vulnerabilities, especially when they are resource-constrained. Lightweight cryptography is a promising encryption concept for IoT and WSN devices that can mitigate these vulnerabilities. For example, Klein encryption is a lightweight block cipher, which has achieved popularity for the trade-off between performance and security. In this paper, we propose one novel method to enhance the efficiency of the Klein block cipher and the effects on the Central Processing Unit (CPU), memory usage, and processing time. Furthermore, we evaluate another approach on the performance of the Klein encryption iterations. These approaches were implemented in the Python language and ran on the Raspberry PI 3. We evaluated and analyzed the results of two modified encryption algorithms and confirmed that two enhancing techniques lead to significantly improved performance compared to the original algorithm.

2021 ◽  
Raihan Ur Rasool ◽  
Hafiz Farooq Ahmad ◽  
Wajid Rafique ◽  
Adnan Qayyum ◽  
Junaid Qadir

Quantum computing is an emerging field of research that can provide a “quantum leap” in terms of computing performance and thereby enable many new exciting healthcare applications such as rapid DNA sequencing, drug research and discovery, personalized medicine, molecular simulations, diagnosis assistance, efficient radiotherapy. In this paper, we provide a taxonomy of existing literature on quantum healthcare systems and identify the key requirements of quantum computing implementations in the healthcare paradigm. We also provide a thorough exploration of the application areas where quantum computing could transform traditional healthcare systems. Finally, we perform an extensive study of quantum cryptography from the perspective of healthcare systems to identify security vulnerabilities in traditional cryptography systems.

2021 ◽  
Vol 2021 ◽  
pp. 1-19
Raghavendra Rao Althar ◽  
Debabrata Samanta ◽  
Manjit Kaur ◽  
Abeer Ali Alnuaim ◽  
Nouf Aljaffan

Security of the software system is a prime focus area for software development teams. This paper explores some data science methods to build a knowledge management system that can assist the software development team to ensure a secure software system is being developed. Various approaches in this context are explored using data of insurance domain-based software development. These approaches will facilitate an easy understanding of the practical challenges associated with actual-world implementation. This paper also discusses the capabilities of language modeling and its role in the knowledge system. The source code is modeled to build a deep software security analysis model. The proposed model can help software engineers build secure software by assessing the software security during software development time. Extensive experiments show that the proposed models can efficiently explore the software language modeling capabilities to classify software systems’ security vulnerabilities.

2021 ◽  
Zhongwei Teng ◽  
Jacob Tate ◽  
William Nock ◽  
Carlos Olea ◽  
Jules White

Checklists have been used to increase safety in aviation and help prevent mistakes in surgeries. However, despite the success of checklists in many domains, checklists have not been universally successful in improving safety. A large volume of checklists is being published online for helping software developers produce more secure code and avoid mistakes that lead to cyber-security vulnerabilities. It is not clear if these secure development checklists are an effective method of teaching developers to avoid cyber-security mistakes and reducing coding errors that introduce vulnerabilities. This paper presents in-process research looking at the secure coding checklists available online, how they map to well-known checklist formats investigated in prior human factors research, and unique pitfalls that some secure development checklists exhibit related to decidability, abstraction, and reuse.

2021 ◽  
Vol 6 (3) ◽  
pp. 131
Erick Irawadi Alwi ◽  
Lutfi Budi Ilmawan

The use of academic information systems (siakad) has become mandatory for universities in providing user convenience in online academic administrative activities. However, sometimes college siakad has security holes that irresponsible people can take advantage of by hacking. This study aims to identify security vulnerabilities at XYZ Siakad University. The method used in this study is a vulnerability assessment method. A university siakad will conduct an initial vulnerability assessment by doing footprinting to get information related to XYZ siakad; after that, a vulnerability scan is carried out using vulnerability assessment tools to identify vulnerabilities and the level of risk found. Based on the vulnerability of the XYZ university's vulnerabilities, it is quite good, with a high risk level of 1, a medium risk level of 6 and a low risk level of 14. Researchers provide recommendations for improvements related to the findings of security holes in XYZ university Siakad from XSS (Cross Site Scripting) attacks, Clickjacking, Brute Force, Cross-site Request Forgery (CSRF) and Sniffing.

Hua Ning ◽  
Kaijun Liu ◽  
Yuan Li

As the SCADA system develops continuously, the dissemination of malicious network behaviors has brought great risk to the normal operation of enterprises, meanwhile resulting in huge economic burden to personal work and life. Therefore, the security reinforcement strategy is crucial to the field of network security management and analysis of the SCADA system. Some researchers have started to investigate how to minimize the cost of realizing the SCADA system reinforcement strategy. However, the SCADA system administrators are facing a very challenging problem, namely that the reinforcement budget is less than the minimal input of SCADA system security reinforcement. The core of this problem lies in how to choose a subset from massive security reinforcement strategies, so as to minimize the risks from not patching all essential security vulnerabilities within the budget. Based on a deep comparative analysis of existing multi-objective optimization technologies, this paper proposes a multi-objective optimization method based on system attack tree model, and uses Pareto algorithm to solve this problem. The experimental results demonstrate that the Pareto algorithm can effectively make the multi-objective decision in security reinforcement strategy, and can solve practical issues in actual SCADA system security reinforcement practice.
