Keyword Search Result

[Keyword] Rust(72hit)

1-20hit(72hit)

  • Real-Time Monitoring Systems That Provide M2M Communication between Machines Open Access

    Ya ZHONG  

     
    PAPER-Language, Thought, Knowledge and Intelligence

    Publicized: 2023/10/17
    Vol: E107-A No:7
    Page(s): 1019-1026

    Artificial intelligence and the introduction of Internet of Things technologies have benefited from technological advances and new automated computer system technologies. Eventually, it is now possible to integrate them into a single offline industrial system. This is accomplished through machine-to-machine communication, which eliminates the human factor. The purpose of this article is to examine security systems for machine-to-machine communication systems that rely on identification and authentication algorithms for real-time monitoring. The article investigates security methods for quickly resolving data processing issues by using the Security operations Center’s main machine to identify and authenticate devices from 19 different machines. The results indicate that when machines are running offline and performing various tasks, they can be exposed to data leaks and malware attacks by both the individual machine and the system as a whole. The study looks at the operation of 19 computers, 7 of which were subjected to data leakage and malware attacks. AnyLogic software is used to create visual representations of the results using wireless networks and algorithms based on previously processed methods. The W76S is used as a protective element within intelligent sensors due to its built-in memory protection. For 4 machines, the data leakage time with malware attacks was 70 s. For 10 machines, the duration was 150 s with 3 attacks. Machine 15 had the longest attack duration, lasting 190 s and involving 6 malware attacks, while machine 19 had the shortest attack duration, lasting 200 s and involving 7 malware attacks. The highest numbers indicated that attempting to hack a system increased the risk of damaging a device, potentially resulting in the entire system with connected devices failing. Thus, illegal attacks by attackers using malware may be identified over time, and data processing effects can be prevented by intelligent control. 
    The results reveal that applying identification and authentication methods using a protocol increases cyber-physical system security while also allowing real-time monitoring of offline system security.

  • rOOM: A Rust-Based Linux Out of Memory Kernel Component

    Linhan LI  Qianying ZHANG  Zekun XU  Shijun ZHAO  Zhiping SHI  Yong GUAN  

     
    PAPER

    Publicized: 2023/12/14
    Vol: E107-D No:3
    Page(s): 245-256

    The Linux kernel has been applied in various security-sensitive fields, so ensuring its security is crucial. Vulnerabilities in the Linux kernel are usually caused by undefined behaviors of the C programming language, the most threatening of which are memory safety vulnerabilities. Both the software-based and hardware approaches to memory safety have disadvantages of poor performance, false positives, and poor compatibility. This paper explores the feasibility of using the safe programming language Rust to reconstruct a Linux kernel component and open-source the component's code. We leverage the Rust FFI mechanism to design a safe foreign interface layer to enable the reconstructed component to invoke other Linux functionalities, and then use Rust to reconstruct the component, during which we leverage Rust's type-safety and ownership mechanisms to improve its security, and finally export the C interface of the component to enable the invocation by the Linux kernel. The performance and memory overhead of the reconstructed component, referred to as “rOOM”, were evaluated, revealing a performance overhead of 8.9% in kernel mode, 5% in user mode, 3% in real time, and a memory overhead of 0.06%. These results suggest that it is possible to develop key components of the Linux kernel using Rust in terms of functionality, performance, and memory overhead.

  • Secure Enrollment Token Delivery Mechanism for Zero Trust Networks Using Blockchain Open Access

    Javier Jose DIAZ RIVERA  Waleed AKBAR  Talha AHMED KHAN  Afaq MUHAMMAD  Wang-Cheol SONG  

     
    PAPER

    Publicized: 2023/06/01
    Vol: E106-B No:12
    Page(s): 1293-1301

    Zero Trust Networking (ZTN) is a security model where no default trust is given to entities in a network infrastructure. The first bastion of security for achieving ZTN is strong identity verification. Several standard methods for assuring a robust identity exist (E.g., OAuth2.0, OpenID Connect). These standards employ JSON Web Tokens (JWT) during the authentication process. However, the use of JWT for One Time Token (OTT) enrollment has a latent security issue. A third party can intercept a JWT, and the payload information can be exposed, revealing the details of the enrollment server. Furthermore, an intercepted JWT could be used for enrollment by an impersonator as long as the JWT remains active. Our proposed mechanism aims to secure the ownership of the OTT by including the JWT as encrypted metadata into a Non-Fungible Token (NFT). The mechanism uses the blockchain Public Key of the intended owner for encrypting the JWT. The blockchain assures the JWT ownership by mapping it to the intended owner's blockchain public address. Our proposed mechanism is applied to an emerging Zero Trust framework (OpenZiti) alongside a permissioned Ethereum blockchain using Hyperledger Besu. The Zero Trust Framework provides enrollment functionality. At the same time, our proposed mechanism based on blockchain and NFT assures the secure distribution of OTTs that is used for the enrollment of identities.

  • Investigations of Electronic Signatures for Construction of Trust Services

    Kenta NOMURA  Yuta TAKATA  Hiroshi KUMAGAI  Masaki KAMIZONO  Yoshiaki SHIRAISHI  Masami MOHRI  Masakatu MORII  

     
    INVITED PAPER

    Publicized: 2023/06/20
    Vol: E106-D No:9
    Page(s): 1436-1451

    The proliferation of coronavirus disease (COVID-19) has prompted changes in business models. To ensure a successful transition to non-face-to-face and electronic communication, the authenticity of data and the trustworthiness of communication partners are essential. Trust services provide a mechanism for preventing data falsification and spoofing. To develop a trust service, the characteristics of the service and the scope of its use need to be determined, and the relevant legal systems must be investigated. Preparing a document to meet trust service provider requirements may incur significant expenses. This study focuses on electronic signatures, proposes criteria for classification, classifies actual documents based on these criteria, and opens a discussion. A case study illustrates how trusted service providers search a document highlighting areas that require approval. The classification table in this paper may prove advantageous at the outset when business decisions are uncertain, and there is no clear starting point.

  • Quality and Quantity Pair as Trust Metric

    Ken MANO  Hideki SAKURADA  Yasuyuki TSUKADA  

     
    PAPER-Information Network

    Publicized: 2022/11/08
    Vol: E106-D No:2
    Page(s): 181-194

    We present a mathematical formulation of a trust metric using a quality and quantity pair. Under a certain assumption, we regard trust as an additive value and define the soundness of a trust computation as not to exceed the total sum. Moreover, we point out the importance of not only soundness of each computed trust but also the stability of the trust computation procedure against changes in trust value assignment. In this setting, we define trust composition operators. We also propose a trust computation protocol and prove its soundness and stability using the operators.

  • Data Covert Channels between the Secure World and the Normal World in the ARM TrustZone Architecture

    Haehyun CHO  

     
    LETTER

    Publicized: 2022/07/28
    Vol: E105-D No:11
    Page(s): 1925-1927

    The ARM TrustZone architecture, which provides hardware-assisted isolation, is widely adopted in mobile and IoT devices. The security of ARM TrustZone relies on the idea of splitting system-on-chip hardware and software into two worlds, namely normal world and secure world. There are legitimate channels at the hardware level that the normal world and the secure world can use to communicate with each other. To protect these channels from being abused, research efforts were invested on restricting the access to these channels from normal world components. Therefore, only predefined and legitimate normal world components can use cross-world communication channels. In this work, we present a study on data covert channels that can bypass such protection mechanisms and smuggle sensitive information. We first analyze causes of the noise in the covert channel between two worlds. Then, we evaluate the accuracy and bandwidth of covert channels built by our PRIME+COUNT method with one built by PRIME+PROBE method. Our results demonstrate that PRIME+COUNT is an effective technique for enabling cross-world covert channels in the ARM TrustZone.

  • Sensitivity Enhanced Edge-Cloud Collaborative Trust Evaluation in Social Internet of Things

    Peng YANG  Yu YANG  Puning ZHANG  Dapeng WU  Ruyan WANG  

     
    PAPER-Network Management/Operation

    Publicized: 2022/03/22
    Vol: E105-B No:9
    Page(s): 1053-1062

    The integration of social networking concepts into the Internet of Things has led to the Social Internet of Things (SIoT) paradigm, and trust evaluation is essential to secure interaction in SIoT. In SIoT, when resource-constrained nodes respond to unexpected malicious services and malicious recommendations, the trust assessment is prone to be inaccurate, and the existing architecture has the risk of privacy leakage. An edge-cloud collaborative trust evaluation architecture in SIoT is proposed in this paper. Utilize the resource advantages of the cloud and the edge to complete the trust assessment task collaboratively. An evaluation algorithm of relationship closeness between nodes is designed to evaluate neighbor nodes' reliability in SIoT. A trust computing algorithm with enhanced sensitivity is proposed, considering the fluctuation of trust value and the conflict between trust indicators to enhance the sensitivity of identifying malicious behaviors. Simulation results show that compared with traditional methods, the proposed trust evaluation method can effectively improve the success rate of interaction and reduce the false detection rate when dealing with malicious services and malicious recommendations.

  • Detection of Trust Shilling Attacks in Recommender Systems

    Xian CHEN  Xi DENG  Chensen HUANG  Hyoseop SHIN  

     
    LETTER-Data Engineering, Web Information Systems

    Publicized: 2022/03/02
    Vol: E105-D No:6
    Page(s): 1239-1242

    Most research on detecting shilling attacks focuses on users' rating behavior but does not consider that attackers may also attack the users' trusting behavior. For example, attackers may give a low score to other users' ratings so that people would think the ratings from the users are not helpful. In this paper, we define the trust shilling attack, propose the behavior features of trust attacks, and present an effective detection method using machine learning methods. The experimental results demonstrate that, based on our proposed behavior features of trust attacks, we can detect trust shilling attacks as well as traditional shilling attacks accurately.

  • Effectiveness of “Neither-Good-Nor-Bad” Information on User's Trust in Agents in Presence of Numerous Options

    Yuta SUZUMURA  Jun-ichi IMAI  

     
    PAPER

    Publicized: 2021/12/07
    Vol: E105-D No:3
    Page(s): 557-564

    The effect of provision of “Neither-Good-Nor-Bad” (NGNB) information on the perceived trustworthiness of agents has been investigated in previous studies. The experimental results have revealed several conditions under which the provision of NGNB information works effectively to make users perceive greater trust of agents. However, the experiments in question were carried out in a situation in which a user is able to choose, with the agent's advice, one of a limited number of options. In practical problems, we are often at a loss as to which to choose because there are too many possible options and it is not easy to narrow them down. Furthermore, in the above-mentioned previous studies, it was easy to predict the size of profits that a user would obtain because its pattern was also limited. This prompted us, in this paper, to investigate the effect of provision of NGNB information on the users' trust of agents under conditions where it appears to the users that numerous options are available. Our experimental results reveal that an agent that reliably provides NGNB information tends to gain greater user trust in a situation where it appears to the users that there are numerous options and their consequences, and it is not easy to predict the size of profits. However, in contradiction to the previous study, the results in this paper also reveal that stable provision of NGNB information in the context of numerous options is less effective in a situation where it is harder to obtain larger profits.

  • BlockCSDN: Towards Blockchain-Based Collaborative Intrusion Detection in Software Defined Networking

    Wenjuan LI  Yu WANG  Weizhi MENG  Jin LI  Chunhua SU  

     
    PAPER

    Publicized: 2021/09/16
    Vol: E105-D No:2
    Page(s): 272-279

    To safeguard critical services and assets in a distributed environment, collaborative intrusion detection systems (CIDSs) are usually adopted to share necessary data and information among various nodes, and enhance the detection capability. For simplifying the network management, software defined networking (SDN) is an emerging platform that decouples the controller plane from the data plane. Intuitively, SDN can help lighten the management complexity in CIDSs, and a CIDS can protect the security of SDN. In practical implementation, trust management is an important approach to help identify insider attacks (or malicious nodes) in CIDSs, but the challenge is how to ensure the data integrity when evaluating the reputation of a node. Motivated by the recent development of blockchain technology, in this work, we design BlockCSDN — a framework of blockchain-based collaborative intrusion detection in SDN, and take the challenge-based CIDS as a study. The experimental results under both external and internal attacks indicate that using blockchain technology can benefit the robustness and security of CIDSs and SDN.

  • A Privacy-Preserving Mobile Crowdsensing Scheme Based on Blockchain and Trusted Execution Environment

    Tao PENG  Kejian GUAN  Jierong LIU  

     
    PAPER

    Publicized: 2021/09/15
    Vol: E105-D No:2
    Page(s): 215-226

    A mobile crowdsensing system (MCS) utilizes a crowd of users to collect large-scale data using their mobile devices efficiently. The collected data are usually linked with sensitive information, raising the concerns of user privacy leakage. To date, many approaches have been proposed to protect the users' privacy, with the majority relying on a centralized structure, which poses though attack and intrusion vulnerability. Some studies build a distributed platform exploiting a blockchain-type solution, which still requires a fully trusted third party (TTP) to manage a reliable reward distribution in the MCS. Spurred by the deficiencies of current methods, we propose a distributed user privacy protection structure that combines blockchain and a trusted execution environment (TEE). The proposed architecture successfully manages the users' privacy protection and an accurate reward distribution without requiring a TTP. This is because the encryption algorithms ensure data confidentiality and uncouple the correlation between the users' identity and the sensitive information in the collected data. Accordingly, the smart contract signature is used to manage the user deposit and verify the data. Extensive comparative experiments verify the efficiency and effectiveness of the proposed combined blockchain and TEE scheme.

  • A Statistical Trust for Detecting Malicious Nodes in IoT Sensor Networks

    Fang WANG  Zhe WEI  

     
    LETTER-Mobile Information Network and Personal Communications

    Publicized: 2021/02/19
    Vol: E104-A No:8
    Page(s): 1084-1087

    The unattended malicious nodes pose great security threats to the integrity of the IoT sensor networks. However, preventions such as cryptography and authentication are difficult to be deployed in resource constrained IoT sensor nodes with low processing capabilities and short power supply. To tackle these malicious sensor nodes, in this study, the trust computing method is applied into the IoT sensor networks as a light weight security mechanism, and based on the theory of Chebyshev Polynomials for the approximation of time series, the trust data sequence generated by each sensor node is linearized and treated as a time series for malicious node detection. The proposed method is evaluated against existing schemes using several simulations and the results demonstrate that our method can better deal with malicious nodes resulting in higher correct packet delivery rate.

  • Secure Cryptographic Unit as Root-of-Trust for IoT Era Open Access

    Tsutomu MATSUMOTO  Makoto IKEDA  Makoto NAGATA  Yasuyoshi UEMURA  

     
    INVITED PAPER

    Publicized: 2021/01/28
    Vol: E104-C No:7
    Page(s): 262-271

    The Internet of Things (IoT) implicates an infrastructure that creates new value by connecting everything with communication networks, and its construction is rapidly progressing in anticipation of its great potential. Enhancing the security of IoT is an essential requirement for supporting IoT. For ensuring IoT security, it is desirable to create a situation that even a terminal component device with many restrictions in computing power and energy capacity can easily verify other devices and data and communicate securely by the use of public key cryptography. To concretely achieve the big goal of penetrating public key cryptographic technology to most IoT end devices, we elaborated the secure cryptographic unit (SCU) built in a low-end microcontroller chip. The SCU comprises a hardware cryptographic engine and a built-in access controlling functionality consisting of a software gate and hardware gate. This paper describes the outline of our SCU construction technology's research and development and prospects.

  • Preventing Fake Information Generation Against Media Clone Attacks Open Access

    Noboru BABAGUCHI  Isao ECHIZEN  Junichi YAMAGISHI  Naoko NITTA  Yuta NAKASHIMA  Kazuaki NAKAMURA  Kazuhiro KONO  Fuming FANG  Seiko MYOJIN  Zhenzhong KUANG  Huy H. NGUYEN  Ngoc-Dung T. TIEU  

     
    INVITED PAPER

    Publicized: 2020/10/19
    Vol: E104-D No:1
    Page(s): 2-11

    Fake media has been spreading due to remarkable advances in media processing and machine learning technologies, causing serious problems in society. We are conducting a research project called Media Clone aimed at developing methods for protecting people from fake but skillfully fabricated replicas of real media called media clones. Such media can be created from fake information about a specific person. Our goal is to develop a trusted communication system that can defend against attacks of media clones. This paper describes some research results of the Media Clone project, in particular, various methods for protecting personal information against generating fake information. We focus on 1) fake information generation in the physical world, 2) anonymization and abstraction in the cyber world, and 3) modeling of media clone attacks.

  • Revisiting a Nearest Neighbor Method for Shape Classification

    Kazunori IWATA  

     
    PAPER-Pattern Recognition

    Publicized: 2020/09/23
    Vol: E103-D No:12
    Page(s): 2649-2658

    The nearest neighbor method is a simple and flexible scheme for the classification of data points in a vector space. It predicts a class label of an unseen data point using a majority rule for the labels of known data points inside a neighborhood of the unseen data point. Because it sometimes achieves good performance even for complicated problems, several derivatives of it have been studied. Among them, the discriminant adaptive nearest neighbor method is particularly worth revisiting to demonstrate its application. The main idea of this method is to adjust the neighbor metric of an unseen data point to the set of known data points before label prediction. It often improves the prediction, provided the neighbor metric is adjusted well. For statistical shape analysis, shape classification attracts attention because it is a vital topic in shape analysis. However, because a shape is generally expressed as a matrix, it is non-trivial to apply the discriminant adaptive nearest neighbor method to shape classification. Thus, in this study, we develop the discriminant adaptive nearest neighbor method to make it slightly more useful in shape classification. To achieve this development, a mixture model and optimization algorithm for shape clustering are incorporated into the method. Furthermore, we describe several helpful techniques for the initial guess of the model parameters in the optimization algorithm. Using several shape datasets, we demonstrated that our method is successful for shape classification.

  • A Social Collaborative Filtering Method to Alleviate Data Sparsity Based on Graph Convolutional Networks

    Haitao XIE  Qingtao FAN  Qian XIAO  

     
    PAPER-Artificial Intelligence, Data Mining

    Publicized: 2020/08/28
    Vol: E103-D No:12
    Page(s): 2611-2619

    Nowadays recommender systems (RS) keep drawing attention from academia, and collaborative filtering (CF) is the most successful technique for building RS. To overcome the inherent limitation, which is referred to as data sparsity in CF, various solutions are proposed to incorporate additional social information into recommendation processes, such as trust networks. However, existing methods suffer from multi-source data integration (i.e., fusion of social information and ratings), which is the basis for similarity calculation of user preferences. To this end, we propose a social collaborative filtering method based on novel trust metrics. Firstly, we use Graph Convolutional Networks (GCNs) to learn the associations between social information and user ratings while considering the underlying social network structures. Secondly, we measure the direct-trust values between neighbors by representing multi-source data as user ratings on popular items, and then calculate the indirect-trust values based on trust propagations. Thirdly, we employ all trust values to create a social regularization in user-item rating matrix factorization in order to avoid overfittings. The experiments on real datasets show that our approach outperforms the other state-of-the-art methods on usage of multi-source data to alleviate data sparsity.

  • Malicious Code Detection for Trusted Execution Environment Based on Paillier Homomorphic Encryption Open Access

    Ziwang WANG  Yi ZHUANG  

     
    PAPER-Fundamental Theories for Communications

    Publicized: 2019/09/20
    Vol: E103-B No:3
    Page(s): 155-166

    Currently, mobile terminals face serious security threats. A Trusted Execution Environment (TEE), which can provide an isolated execution environment for sensitive workloads, is seen as a trusted relay for providing security services for any mobile application. However, mobile TEE's architecture design and implementation strategy are not unbreakable at present. Existing research lacks detection mechanisms for attack behaviour and malicious software. This paper proposes a Malicious code Detection scheme for Trusted Execution Environment based on Homomorphic Encryption (HE-TEEMD), which is a novel detection mechanism for data and code in the trusted execution environment. HE-TEEMD uses the Paillier additive homomorphic algorithm to implement the signature matching and transmits the ciphertext information generated in the TEE to the normal world for detection by the homomorphism and randomness of the homomorphic encryption ciphertext. An experiment and security analysis prove that our scheme can achieve malicious code detection in the secure world with minimal cost. Furthermore, evaluation parameters are introduced to address the known plaintext attack problem of privileged users.

  • Rust Detection of Steel Structure via One-Class Classification and L2 Sparse Representation with Decision Fusion

    Guizhong ZHANG  Baoxian WANG  Zhaobo YAN  Yiqiang LI  Huaizhi YANG  

     
    LETTER-Artificial Intelligence, Data Mining

    Publicized: 2019/11/11
    Vol: E103-D No:2
    Page(s): 450-453

    In this work, we present one novel rust detection method based upon one-class classification and L2 sparse representation (SR) with decision fusion. Firstly, a new color contrast descriptor is proposed for extracting the rust features of steel structure images. Considering that the patterns of rust features are more simplified than those of non-rust ones, one-class support vector machine (SVM) classifier and L2 SR classifier are designed with these rust image features, respectively. After that, a multiplicative fusion rule is advocated for combining the one-class SVM and L2 SR modules, thereby achieving more accurate rust detecting results. In the experiments, we conduct numerous experiments, and when compared with other developed rust detectors, the presented method can offer better rust detecting performances.

  • Secrecy Rate Optimization for RF Powered Two-Hop Untrusted Relay Networks with Non-Linear EH Model Open Access

    Xiaochen LIU  Yuanyuan GAO  Nan SHA  Guozhen ZANG  Kui XU  

     
    LETTER

    Vol: E103-A No:1
    Page(s): 215-220

    In this letter, we investigate the secure transmission in radio frequency (RF) powered two-hop untrusted relay networks, where the source node and untrusted relay are both wireless powered by an RF power supplier. Specifically, considering the non-linear energy-harvesting (EH) model, the two-process communication protocol is proposed. The secrecy rate is maximized by jointly designing the beamforming vector at source and beamforming matrix at relay, under the constraints of transmit power at RF power supplier and destination. The secrecy rate maximization (SRM) is non-convex, hence we propose an alternative optimization (AO) based iterative algorithm. Numerical results demonstrate that the proposed scheme can significantly increase the secrecy rate compared to the baseline schemes.

  • Elastic Trust Model for Dynamically Evolving Trust Frameworks

    Hiroyuki SATO  Noriyasu YAMAMOTO  

     
    INVITED PAPER

    Publicized: 2019/06/25
    Vol: E102-D No:9
    Page(s): 1617-1624

    Today, trust plays a central role in services in distributed environments. Conventionally deployed trust has been based on static framework in which a server responds to a service request under statically determined policies. However, in accordance with evolution of distributed environments empowered with IoT and federated access mechanisms, dynamic behavior must be analyzed and taken into service provision, which conventional trust cannot properly handle. In this paper, we propose an extension of PDP (Policy Decision Point) in which assertions together with service requests are evaluated. Furthermore, the evaluation may be dynamically configured in dynamically evolving trust environment. We propose an elastic trust model in view of dynamic trust environment. This enables intuitionistic modeling of typical concrete elastic distributed services.
