Keyword Search Result

[Keyword] trust(63hit)

1-20hit(63hit)

  • Real-Time Monitoring Systems That Provide M2M Communication between Machines Open Access

    Ya ZHONG
    PAPER-Language, Thought, Knowledge and Intelligence
    Publicized: 2023/10/17
    Vol: E107-A No:7
    Page(s): 1019-1026

    Artificial intelligence and the introduction of Internet of Things technologies have benefited from technological advances and new automated computer system technologies. Eventually, it is now possible to integrate them into a single offline industrial system. This is accomplished through machine-to-machine communication, which eliminates the human factor. The purpose of this article is to examine security systems for machine-to-machine communication systems that rely on identification and authentication algorithms for real-time monitoring. The article investigates security methods for quickly resolving data processing issues by using the Security operations Center’s main machine to identify and authenticate devices from 19 different machines. The results indicate that when machines are running offline and performing various tasks, they can be exposed to data leaks and malware attacks by both the individual machine and the system as a whole. The study looks at the operation of 19 computers, 7 of which were subjected to data leakage and malware attacks. AnyLogic software is used to create visual representations of the results using wireless networks and algorithms based on previously processed methods. The W76S is used as a protective element within intelligent sensors due to its built-in memory protection. For 4 machines, the data leakage time with malware attacks was 70 s. For 10 machines, the duration was 150 s with 3 attacks. Machine 15 had the longest attack duration, lasting 190 s and involving 6 malware attacks, while machine 19 had the shortest attack duration, lasting 200 s and involving 7 malware attacks. The highest numbers indicated that attempting to hack a system increased the risk of damaging a device, potentially resulting in the entire system with connected devices failing. Thus, illegal attacks by attackers using malware may be identified over time, and data processing effects can be prevented by intelligent control. 
    The results reveal that applying identification and authentication methods using a protocol increases cyber-physical system security while also allowing real-time monitoring of offline system security.

  • Secure Enrollment Token Delivery Mechanism for Zero Trust Networks Using Blockchain Open Access

    Javier Jose DIAZ RIVERA, Waleed AKBAR, Talha AHMED KHAN, Afaq MUHAMMAD, Wang-Cheol SONG
    PAPER
    Publicized: 2023/06/01
    Vol: E106-B No:12
    Page(s): 1293-1301

    Zero Trust Networking (ZTN) is a security model where no default trust is given to entities in a network infrastructure. The first bastion of security for achieving ZTN is strong identity verification. Several standard methods for assuring a robust identity exist (e.g., OAuth2.0, OpenID Connect). These standards employ JSON Web Tokens (JWT) during the authentication process. However, the use of JWT for One Time Token (OTT) enrollment has a latent security issue. A third party can intercept a JWT, and the payload information can be exposed, revealing the details of the enrollment server. Furthermore, an intercepted JWT could be used for enrollment by an impersonator as long as the JWT remains active. Our proposed mechanism aims to secure the ownership of the OTT by including the JWT as encrypted metadata into a Non-Fungible Token (NFT). The mechanism uses the blockchain Public Key of the intended owner for encrypting the JWT. The blockchain assures the JWT ownership by mapping it to the intended owner's blockchain public address. Our proposed mechanism is applied to an emerging Zero Trust framework (OpenZiti) alongside a permissioned Ethereum blockchain using Hyperledger Besu. The Zero Trust Framework provides enrollment functionality. At the same time, our proposed mechanism based on blockchain and NFT assures the secure distribution of OTTs that are used for the enrollment of identities.

  • Investigations of Electronic Signatures for Construction of Trust Services

    Kenta NOMURA, Yuta TAKATA, Hiroshi KUMAGAI, Masaki KAMIZONO, Yoshiaki SHIRAISHI, Masami MOHRI, Masakatu MORII
    INVITED PAPER
    Publicized: 2023/06/20
    Vol: E106-D No:9
    Page(s): 1436-1451

    The proliferation of coronavirus disease (COVID-19) has prompted changes in business models. To ensure a successful transition to non-face-to-face and electronic communication, the authenticity of data and the trustworthiness of communication partners are essential. Trust services provide a mechanism for preventing data falsification and spoofing. To develop a trust service, the characteristics of the service and the scope of its use need to be determined, and the relevant legal systems must be investigated. Preparing a document to meet trust service provider requirements may incur significant expenses. This study focuses on electronic signatures, proposes criteria for classification, classifies actual documents based on these criteria, and opens a discussion. A case study illustrates how trusted service providers search a document highlighting areas that require approval. The classification table in this paper may prove advantageous at the outset when business decisions are uncertain, and there is no clear starting point.

  • Quality and Quantity Pair as Trust Metric

    Ken MANO, Hideki SAKURADA, Yasuyuki TSUKADA
    PAPER-Information Network
    Publicized: 2022/11/08
    Vol: E106-D No:2
    Page(s): 181-194

    We present a mathematical formulation of a trust metric using a quality and quantity pair. Under a certain assumption, we regard trust as an additive value and define the soundness of a trust computation as not to exceed the total sum. Moreover, we point out the importance of not only soundness of each computed trust but also the stability of the trust computation procedure against changes in trust value assignment. In this setting, we define trust composition operators. We also propose a trust computation protocol and prove its soundness and stability using the operators.

  • Data Covert Channels between the Secure World and the Normal World in the ARM TrustZone Architecture

    Haehyun CHO
    LETTER
    Publicized: 2022/07/28
    Vol: E105-D No:11
    Page(s): 1925-1927

    The ARM TrustZone architecture, which provides hardware-assisted isolation, is widely adopted in mobile and IoT devices. The security of ARM TrustZone relies on the idea of splitting system-on-chip hardware and software into two worlds, namely normal world and secure world. There are legitimate channels at the hardware level that the normal world and the secure world can use to communicate with each other. To protect these channels from being abused, research efforts were invested on restricting the access to these channels from normal world components. Therefore, only predefined and legitimate normal world components can use cross-world communication channels. In this work, we present a study on data covert channels that can bypass such protection mechanisms and smuggle sensitive information. We first analyze causes of the noise in the covert channel between two worlds. Then, we evaluate the accuracy and bandwidth of covert channels built by our PRIME+COUNT method with one built by PRIME+PROBE method. Our results demonstrate that PRIME+COUNT is an effective technique for enabling cross-world covert channels in the ARM TrustZone.

  • Sensitivity Enhanced Edge-Cloud Collaborative Trust Evaluation in Social Internet of Things

    Peng YANG, Yu YANG, Puning ZHANG, Dapeng WU, Ruyan WANG
    PAPER-Network Management/Operation
    Publicized: 2022/03/22
    Vol: E105-B No:9
    Page(s): 1053-1062

    The integration of social networking concepts into the Internet of Things has led to the Social Internet of Things (SIoT) paradigm, and trust evaluation is essential to secure interaction in SIoT. In SIoT, when resource-constrained nodes respond to unexpected malicious services and malicious recommendations, the trust assessment is prone to be inaccurate, and the existing architecture has the risk of privacy leakage. An edge-cloud collaborative trust evaluation architecture in SIoT is proposed in this paper. Utilize the resource advantages of the cloud and the edge to complete the trust assessment task collaboratively. An evaluation algorithm of relationship closeness between nodes is designed to evaluate neighbor nodes' reliability in SIoT. A trust computing algorithm with enhanced sensitivity is proposed, considering the fluctuation of trust value and the conflict between trust indicators to enhance the sensitivity of identifying malicious behaviors. Simulation results show that compared with traditional methods, the proposed trust evaluation method can effectively improve the success rate of interaction and reduce the false detection rate when dealing with malicious services and malicious recommendations.

  • Detection of Trust Shilling Attacks in Recommender Systems

    Xian CHEN, Xi DENG, Chensen HUANG, Hyoseop SHIN
    LETTER-Data Engineering, Web Information Systems
    Publicized: 2022/03/02
    Vol: E105-D No:6
    Page(s): 1239-1242

    Most research on detecting shilling attacks focuses on users' rating behavior but does not consider that attackers may also attack the users' trusting behavior. For example, attackers may give a low score to other users' ratings so that people would think the ratings from the users are not helpful. In this paper, we define the trust shilling attack, propose the behavior features of trust attacks, and present an effective detection method using machine learning methods. The experimental results demonstrate that, based on our proposed behavior features of trust attacks, we can detect trust shilling attacks as well as traditional shilling attacks accurately.

  • Effectiveness of “Neither-Good-Nor-Bad” Information on User's Trust in Agents in Presence of Numerous Options

    Yuta SUZUMURA, Jun-ichi IMAI
    PAPER
    Publicized: 2021/12/07
    Vol: E105-D No:3
    Page(s): 557-564

    The effect of provision of “Neither-Good-Nor-Bad” (NGNB) information on the perceived trustworthiness of agents has been investigated in previous studies. The experimental results have revealed several conditions under which the provision of NGNB information works effectively to make users perceive greater trust of agents. However, the experiments in question were carried out in a situation in which a user is able to choose, with the agent's advice, one of a limited number of options. In practical problems, we are often at a loss as to which to choose because there are too many possible options and it is not easy to narrow them down. Furthermore, in the above-mentioned previous studies, it was easy to predict the size of profits that a user would obtain because its pattern was also limited. This prompted us, in this paper, to investigate the effect of provision of NGNB information on the users' trust of agents under conditions where it appears to the users that numerous options are available. Our experimental results reveal that an agent that reliably provides NGNB information tends to gain greater user trust in a situation where it appears to the users that there are numerous options and their consequences, and it is not easy to predict the size of profits. However, in contradiction to the previous study, the results in this paper also reveal that stable provision of NGNB information in the context of numerous options is less effective in a situation where it is harder to obtain larger profits.

  • BlockCSDN: Towards Blockchain-Based Collaborative Intrusion Detection in Software Defined Networking

    Wenjuan LI, Yu WANG, Weizhi MENG, Jin LI, Chunhua SU
    PAPER
    Publicized: 2021/09/16
    Vol: E105-D No:2
    Page(s): 272-279

    To safeguard critical services and assets in a distributed environment, collaborative intrusion detection systems (CIDSs) are usually adopted to share necessary data and information among various nodes, and enhance the detection capability. For simplifying the network management, software defined networking (SDN) is an emerging platform that decouples the controller plane from the data plane. Intuitively, SDN can help lighten the management complexity in CIDSs, and a CIDS can protect the security of SDN. In practical implementation, trust management is an important approach to help identify insider attacks (or malicious nodes) in CIDSs, but the challenge is how to ensure the data integrity when evaluating the reputation of a node. Motivated by the recent development of blockchain technology, in this work, we design BlockCSDN — a framework of blockchain-based collaborative intrusion detection in SDN, and take the challenge-based CIDS as a study. The experimental results under both external and internal attacks indicate that using blockchain technology can benefit the robustness and security of CIDSs and SDN.

  • A Privacy-Preserving Mobile Crowdsensing Scheme Based on Blockchain and Trusted Execution Environment

    Tao PENG, Kejian GUAN, Jierong LIU
    PAPER
    Publicized: 2021/09/15
    Vol: E105-D No:2
    Page(s): 215-226

    A mobile crowdsensing system (MCS) utilizes a crowd of users to collect large-scale data using their mobile devices efficiently. The collected data are usually linked with sensitive information, raising the concerns of user privacy leakage. To date, many approaches have been proposed to protect the users' privacy, with the majority relying on a centralized structure, which poses though attack and intrusion vulnerability. Some studies build a distributed platform exploiting a blockchain-type solution, which still requires a fully trusted third party (TTP) to manage a reliable reward distribution in the MCS. Spurred by the deficiencies of current methods, we propose a distributed user privacy protection structure that combines blockchain and a trusted execution environment (TEE). The proposed architecture successfully manages the users' privacy protection and an accurate reward distribution without requiring a TTP. This is because the encryption algorithms ensure data confidentiality and uncouple the correlation between the users' identity and the sensitive information in the collected data. Accordingly, the smart contract signature is used to manage the user deposit and verify the data. Extensive comparative experiments verify the efficiency and effectiveness of the proposed combined blockchain and TEE scheme.

  • A Statistical Trust for Detecting Malicious Nodes in IoT Sensor Networks

    Fang WANG, Zhe WEI
    LETTER-Mobile Information Network and Personal Communications
    Publicized: 2021/02/19
    Vol: E104-A No:8
    Page(s): 1084-1087

    The unattended malicious nodes pose great security threats to the integrity of the IoT sensor networks. However, preventions such as cryptography and authentication are difficult to be deployed in resource constrained IoT sensor nodes with low processing capabilities and short power supply. To tackle these malicious sensor nodes, in this study, the trust computing method is applied into the IoT sensor networks as a light weight security mechanism, and based on the theory of Chebyshev Polynomials for the approximation of time series, the trust data sequence generated by each sensor node is linearized and treated as a time series for malicious node detection. The proposed method is evaluated against existing schemes using several simulations and the results demonstrate that our method can better deal with malicious nodes resulting in higher correct packet delivery rate.

  • Secure Cryptographic Unit as Root-of-Trust for IoT Era Open Access

    Tsutomu MATSUMOTO, Makoto IKEDA, Makoto NAGATA, Yasuyoshi UEMURA
    INVITED PAPER
    Publicized: 2021/01/28
    Vol: E104-C No:7
    Page(s): 262-271

    The Internet of Things (IoT) implicates an infrastructure that creates new value by connecting everything with communication networks, and its construction is rapidly progressing in anticipation of its great potential. Enhancing the security of IoT is an essential requirement for supporting IoT. For ensuring IoT security, it is desirable to create a situation that even a terminal component device with many restrictions in computing power and energy capacity can easily verify other devices and data and communicate securely by the use of public key cryptography. To concretely achieve the big goal of penetrating public key cryptographic technology to most IoT end devices, we elaborated the secure cryptographic unit (SCU) built in a low-end microcontroller chip. The SCU comprises a hardware cryptographic engine and a built-in access controlling functionality consisting of a software gate and hardware gate. This paper describes the outline of our SCU construction technology's research and development and prospects.

  • Preventing Fake Information Generation Against Media Clone Attacks Open Access

    Noboru BABAGUCHI, Isao ECHIZEN, Junichi YAMAGISHI, Naoko NITTA, Yuta NAKASHIMA, Kazuaki NAKAMURA, Kazuhiro KONO, Fuming FANG, Seiko MYOJIN, Zhenzhong KUANG, Huy H. NGUYEN, Ngoc-Dung T. TIEU
    INVITED PAPER
    Publicized: 2020/10/19
    Vol: E104-D No:1
    Page(s): 2-11

    Fake media has been spreading due to remarkable advances in media processing and machine learning technologies, causing serious problems in society. We are conducting a research project called Media Clone aimed at developing methods for protecting people from fake but skillfully fabricated replicas of real media called media clones. Such media can be created from fake information about a specific person. Our goal is to develop a trusted communication system that can defend against attacks of media clones. This paper describes some research results of the Media Clone project, in particular, various methods for protecting personal information against generating fake information. We focus on 1) fake information generation in the physical world, 2) anonymization and abstraction in the cyber world, and 3) modeling of media clone attacks.

  • A Social Collaborative Filtering Method to Alleviate Data Sparsity Based on Graph Convolutional Networks

    Haitao XIE, Qingtao FAN, Qian XIAO
    PAPER-Artificial Intelligence, Data Mining
    Publicized: 2020/08/28
    Vol: E103-D No:12
    Page(s): 2611-2619

    Nowadays recommender systems (RS) keep drawing attention from academia, and collaborative filtering (CF) is the most successful technique for building RS. To overcome the inherent limitation, which is referred to as data sparsity in CF, various solutions are proposed to incorporate additional social information into recommendation processes, such as trust networks. However, existing methods suffer from multi-source data integration (i.e., fusion of social information and ratings), which is the basis for similarity calculation of user preferences. To this end, we propose a social collaborative filtering method based on novel trust metrics. Firstly, we use Graph Convolutional Networks (GCNs) to learn the associations between social information and user ratings while considering the underlying social network structures. Secondly, we measure the direct-trust values between neighbors by representing multi-source data as user ratings on popular items, and then calculate the indirect-trust values based on trust propagations. Thirdly, we employ all trust values to create a social regularization in user-item rating matrix factorization in order to avoid overfittings. The experiments on real datasets show that our approach outperforms the other state-of-the-art methods on usage of multi-source data to alleviate data sparsity.

  • Malicious Code Detection for Trusted Execution Environment Based on Paillier Homomorphic Encryption Open Access

    Ziwang WANG, Yi ZHUANG
    PAPER-Fundamental Theories for Communications
    Publicized: 2019/09/20
    Vol: E103-B No:3
    Page(s): 155-166

    Currently, mobile terminals face serious security threats. A Trusted Execution Environment (TEE), which can provide an isolated execution environment for sensitive workloads, is seen as a trusted relay for providing security services for any mobile application. However, mobile TEE's architecture design and implementation strategy are not unbreakable at present. Existing research lacks detection mechanisms for attack behaviour and malicious software. This paper proposes a Malicious code Detection scheme for Trusted Execution Environment based on Homomorphic Encryption (HE-TEEMD), which is a novel detection mechanism for data and code in the trusted execution environment. HE-TEEMD uses the Paillier additive homomorphic algorithm to implement the signature matching and transmits the ciphertext information generated in the TEE to the normal world for detection by the homomorphism and randomness of the homomorphic encryption ciphertext. An experiment and security analysis prove that our scheme can achieve malicious code detection in the secure world with minimal cost. Furthermore, evaluation parameters are introduced to address the known plaintext attack problem of privileged users.

  • Secrecy Rate Optimization for RF Powered Two-Hop Untrusted Relay Networks with Non-Linear EH Model Open Access

    Xiaochen LIU, Yuanyuan GAO, Nan SHA, Guozhen ZANG, Kui XU
    LETTER
    Vol: E103-A No:1
    Page(s): 215-220

    In this letter, we investigate the secure transmission in radio frequency (RF) powered two-hop untrusted relay networks, where the source node and untrusted relay are both wireless powered by an RF power supplier. Specifically, considering the non-linear energy-harvesting (EH) model, the two-process communication protocol is proposed. The secrecy rate is maximized by jointly designing the beamforming vector at source and beamforming matrix at relay, under the constraints of transmit power at RF power supplier and destination. The secrecy rate maximization (SRM) is non-convex, hence we propose an alternative optimization (AO) based iterative algorithm. Numerical results demonstrate that the proposed scheme can significantly increase the secrecy rate compared to the baseline schemes.

  • Elastic Trust Model for Dynamically Evolving Trust Frameworks

    Hiroyuki SATO, Noriyasu YAMAMOTO
    INVITED PAPER
    Publicized: 2019/06/25
    Vol: E102-D No:9
    Page(s): 1617-1624

    Today, trust plays a central role in services in distributed environments. Conventionally deployed trust has been based on static framework in which a server responds to a service request under statically determined policies. However, in accordance with evolution of distributed environments empowered with IoT and federated access mechanisms, dynamic behavior must be analyzed and taken into service provision, which conventional trust cannot properly handle. In this paper, we propose an extension of PDP (Policy Decision Point) in which assertions together with service requests are evaluated. Furthermore, the evaluation may be dynamically configured in dynamically evolving trust environment. We propose an elastic trust model in view of dynamic trust environment. This enables intuitionistic modeling of typical concrete elastic distributed services.

  • Secure Multiuser Communications with Multiple Untrusted Relays over Nakagami-m Fading Channels

    Dechuan CHEN, Yunpeng CHENG, Weiwei YANG, Jianwei HU, Yueming CAI, Junquan HU, Meng WANG
    LETTER-Mobile Information Network and Personal Communications
    Vol: E102-A No:8
    Page(s): 978-981

    In this letter, we investigate the physical layer security in multi-user multi-relay networks, where each relay is not merely a traditional helper, but at the same time, can become a potential eavesdropper. We first propose an efficient low-complexity user and relay selection scheme to significantly reduce the amount of channel estimation as well as the amount of potential links for comparison. For the proposed scheme, we derive the closed-form expression for the lower bound of ergodic secrecy rate (ESR) to evaluate the system secrecy performance. Simulation results are provided to verify the validity of our expressions and demonstrate how the ESR scales with the number of users and relays.

  • Hierarchical Progressive Trust Model for Mismatch Removal under Both Rigid and Non-Rigid Transformations

    Songlin DU, Takeshi IKENAGA
    PAPER-Image, Vision
    Vol: E101-A No:11
    Page(s): 1786-1794

    Accurate visual correspondence is the foundation of many computer vision based applications. Since existing image matching algorithms generate mismatches inevitably, a reliable mismatch-removal algorithm is highly desired to remove mismatches and preserve true matches. This paper proposes a hierarchical progressive trust (HPT) model to solve this problem. The HPT model first adopts a “trust the most trustworthy ones” strategy to select anchor inliers in its bottom layer, and then progressively propagates the trust from bottom layer to other layers in a bottom-up way: 1) bottom layer verifies anchor inliers with the guidance of local features; 2) middle layers progressively estimate local transformations and perform local verifications; 3) top layer estimates a global transformation with an anchor-inliers-guided expectation maximization (EM) algorithm and performs global verifications. Experimental results show that the proposed HPT model achieves higher performance than state-of-the-art mismatch-removal methods under both rigid transformations and non-rigid deformations.

  • A Formal Model to Enforce Trustworthiness Requirements in Service Composition

    Ning FU, Yingfeng ZHANG, Lijun SHAN, Zhiqiang LIU, Han PENG
    PAPER-Software System
    Publicized: 2017/06/20
    Vol: E100-D No:9
    Page(s): 2056-2067

    With the in-depth development of service computing, it has become clear that when constructing service applications in an open dynamic network environment, greater attention must be paid to trustworthiness under the premise of functions' realization. Trustworthy computing requires theories for business process modeling in terms of both behavior and trustworthiness. In this paper, a calculus for ensuring the satisfaction of trustworthiness requirements in service-oriented systems is proposed. We investigate a calculus called QPi, for representing both the behavior and the trustworthiness property of concurrent systems. QPi is the combination of pi-calculus and a constraint semiring, which has a feature when problems with multi-dimensional properties must be tackled. The concept of the quantified bisimulation of processes provides us a measure of the degree of equivalence of processes based on the bisimulation distance. The QPi related properties of bisimulation and bisimilarity are also discussed. A specific modeling example is given to illustrate the effectiveness of the algebraic method.
