A Lossless Data-Hiding based IoT Data Authenticity Model in Edge-AI for Connected Living

Edge computing is an emerging technology for the acquisition of Internet-of-Things (IoT) data and provisioning different services in connected living. Artificial Intelligence (AI) powered edge devices (edge-AI) facilitate intelligent IoT data acquisition and services through data analytics. However, data in edge networks are prone to several security threats such as external and internal attacks and transmission errors. Attackers can inject false data during data acquisition or modify stored data in the edge data storage to hamper data analytics. Therefore, an edge-AI device must verify the authenticity of IoT data before using them in data analytics. This article presents an IoT data authenticity model in edge-AI for a connected living using data hiding techniques. Our proposed data authenticity model securely hides the data source’s identification number within IoT data before sending it to edge devices. Edge-AI devices extract hidden information for verifying data authenticity. Existing data hiding approaches for biosignal cannot reconstruct original IoT data after extracting the hidden message from it (i.e., lossy) and are not usable for IoT data authenticity. We propose the first lossless IoT data hiding technique in this article based on error-correcting codes (ECCs). We conduct several experiments to demonstrate the performance of our proposed method. Experimental results establish the lossless property of the proposed approach while maintaining other data hiding properties.

Artificial Intelligence Security: Threats and Countermeasures

In recent years, with rapid technological advancement in both computing hardware and algorithm, Artificial Intelligence (AI) has demonstrated significant advantage over human being in a wide range of fields, such as image recognition, education, autonomous vehicles, finance, and medical diagnosis. However, AI-based systems are generally vulnerable to various security threats throughout the whole process, ranging from the initial data collection and preparation to the training, inference, and final deployment. In an AI-based system, the data collection and pre-processing phase are vulnerable to sensor spoofing attacks and scaling attacks, respectively, while the training and inference phases of the model are subject to poisoning attacks and adversarial attacks, respectively. To address these severe security threats against the AI-based systems, in this article, we review the challenges and recent research advances for security issues in AI, so as to depict an overall blueprint for AI security. More specifically, we first take the lifecycle of an AI-based system as a guide to introduce the security threats that emerge at each stage, which is followed by a detailed summary for corresponding countermeasures. Finally, some of the future challenges and opportunities for the security issues in AI will also be discussed.

Attack Taxonomy for Cyber-Physical System

Cyber-physical systems are the systems that combine the physical world with the world of information processing. CPS involves interaction between heterogeneous components that include electronic chips, software systems, sensors and actuators. It makes the CPS vulnerable to attacks. How to deal with the attacks in CPSs has become a research hotspot. In this paper we have study the Architecture of CPS and various security threats at each layer of the archicture of CPS. We have also developed attack taxonomy for CPS. Keywords: Cyber Physical System, Threat, Attack

Juice Jacking: Security Issues and Improvements in USB Technology

For a reliable and convenient system, it is essential to build a secure system that will be protected from outer attacks and also serve the purpose of keeping the inner data safe from intruders. A juice jacking is a popular and spreading cyber-attack that allows intruders to get inside the system through the web and theive potential data from the system. For peripheral communications, Universal Serial Bus (USB) is the most commonly used standard in 5G generation computer systems. USB is not only used for communication, but also to charge gadgets. However, the transferal of data between devices using USB is prone to various security threats. It is necessary to maintain the confidentiality and sensitivity of data on the bus line to maintain integrity. Therefore, in this paper, a juice jacking attack is analyzed, using the maximum possible means through which a system can be affected using USB. Ten different malware attacks are used for experimental purposes. Various machine learning and deep learning models are used to predict malware attacks. An extensive experimental analysis reveals that the deep learning model can efficiently recognize the juice jacking attack. Finally, various techniques are discussed that can either prevent or avoid juice jacking attacks.

Survey on Reverse-Engineering Tools for Android Mobile Devices

With the presence of the Internet and the frequent use of mobile devices to send several transactions that involve personal and sensitive information, it becomes of great importance to consider the security aspects of mobile devices. And with the increasing use of mobile applications that are utilized for several purposes such as healthcare or banking, those applications have become an easy and attractive target for attackers who want to get access to mobile devices and obtain users’ sensitive information. Developing a secure application is very important; otherwise, attackers can easily exploit vulnerabilities in mobile applications which lead to serious security issues such as information leakage or injecting applications with malicious programs to access user data. In this paper, we survey the literature on application security on mobile devices, specifically mobile devices running on the Android platform, and exhibit security threats in the Android system. In addition, we study many reverse-engineering tools that are utilized to exploit vulnerabilities in applications. We demonstrate several reverse-engineering tools in terms of methodology, security holes that can be exploited, and how to use these tools to help in developing more secure applications.

Distributed Authentication Model for Secure Network Connectivity in Network Separation Technology

Considering the increasing scale and severity of damage from recent cybersecurity incidents, the need for fundamental solutions to external security threats has increased. Hence, network separation technology has been designed to stop the leakage of information by separating business computing networks from the Internet. However, security accidents have been continuously occurring, owing to the degradation of data transmission latency performance between the networks, decreasing the convenience and usability of the work environment. In a conventional centralized network connection concept, a problem occurs because if either usability or security is strengthened, the other is weakened. In this study, we proposed a distributed authentication mechanism for secure network connectivity (DAM4SNC) technology in a distributed network environment that requires security and latency performance simultaneously to overcome the trade-off limitations of existing technology. By communicating with separated networks based on the authentication between distributed nodes, the inefficiency of conventional centralized network connection solutions is overcome. Moreover, the security is enhanced through periodic authentication of the distributed nodes and differentiation of the certification levels. As a result of the experiment, the relative efficiency of the proposed scheme (REP) was about 420% or more in all cases.

A Classification Framework for Analyzing the War and Peacemaking Potential of News Media in Pakistan

In this study, we present a contextual model for analyzing the escalatory and de-escalatory trends in media reporting of seven conflicts in Pakistan. For this purpose, we combined findings from both survey and content analysis. While the survey helped to examine the journalists’ perceptions about the security threats of conflicts and the factors that influence the reportage, the content analysis was utilized to analyze the escalatory and de-escalatory characteristics in the coverage. The findings show that high security conflicts lead to a patriotic reporting scenario that results in high escalatory coverage. There is a significant decrease in the escalatory coverage as the assumed threat level of a conflict decreases. Similarly, we found that a conflict in which journalists exercised more relative freedom from pressure groups was reported in de-escalatory fashion. These findings can be useful for strategizing for the implementation of peace journalism in Pakistan in particular and elsewhere in general.

IoT: Communication Protocols and Security Threats

The IoT is recognized as one of the most important areas of future technology and is gaining vast attention from a wide range of industries. Although, after 20 years from the first published literature (2002) the technology (as a whole) is not yet mature. In this study we will review the basics of IoT with a general approach, by addressing the problems of a standard architecture, vulnerabilities and use cases of this promising technology. Moreover, we will review some of the communication protocols that have invented especially for IoT technology, security threats and general implementation challenges.