Security Control Research Articles

Security Risk Assessment of IoT for Remote Patient Monitoring System

Remote Patient Monitoring (RPM), an essential component of telehealth, is among the biggest changes marked in healthcare. It facilitates patients’ treatment, remotely at home or in some distant location, without traditional clinical settings. The RPM plays a key role in data acquisition, data analysis and insights, and improved healthcare management. It collects real-time data using wearable sensors and mobile apps, and furnish crucial health metrics. Advanced algorithms and prognostic modelling than process the data, pattern and likely health risks to predict any disease more precisely and accurately for early action. RPM provides real-time watch and remote consultation that help in improved disease control and better patients’ care. Improved accuracy, reduced cost, real time interaction, and refined patient well-being are the significant healthcare benefits of RPM. Prognosis Health & Management (PHM) system is used for predicting the remaining useful life (RUL) of healthcare assets such as sensors, pacemakers, defibrillators and other medical equipment. The PHM leads to pre-emptive maintenance, lowers downtime, and tracks the life span of such healthcare equipment. The IoT enables PHM to monitor remote assets and gather instant data to foresee the RUL of such equipment. Providing the facilitations, PHM also creates potential vulnerabilities of exposure of device, network and data, and poses data security and privacy challenges. Therefore, strong security controls are required to keep patients’ data confidential and safe from uneven approaches to technology and data breaches. This paper evaluates risk associated with RPM using OCTAVE ALLGERO, a risk assessment framework, to mitigate the data security concerns.

Railway security checks at the border: between intrusive security technologies and fundamental traveller rights

Background European railway borders are facing a particular exposure to security threats and need a delicate securitization and free movement, especially amid globalisation, the current geopolitical landscape and increased migrant flows. For example, the war in Ukraine illustrated the challenges experienced at the Eastern EU borders by the refugee migration surge in early 2022. Methods This paper will focus on the European border security control process from the rail border perspective. It will encompass the lessons learned from the UIC Refugee Task Force as well as insights from the ongoing EU-funded Horizon Europe project ODYSSEUS (Unobtrusive Technologies for Secure and Seamless Border Crossing for Travel Facilitation). Project ODYSSEUS aims to support the security and integrity of the European space, reduce illegal movements of people and goods across EU borders, facilitate travelling for citizens all while protecting fundamental rights of travellers. Results The project will test a combination of multi-behavioural and General Data Protection Regulation (GDPR) compliant biometric user identity verification tools, allowing citizens to cross EU border without any interruption or queue. Further, novel luggage and baggage checks will allow citizens’ vehicles and cargos to be remotely checked at land borders to speed up the border check processes in a secure and reliable manner. The project will run three pilot tests at road, rail and water borders. Conclusion In this paper, we analyse the implementation of project’s technologies in the rail border crossing pilot test and discuss the implications for the actors involved in the process of railway border crossing (e.g., border authorities, railway operators and railway travellers).

Secure UAV (Drone) and the Great Promise of AI

UAVs have found their applications in numerous applications from recreational activities to business in addition to military and strategic fields. However, research on UAVs is not going on as quickly as the technology. Especially, when it comes to the security of these devices, the academia is lagging behind the industry. This gap motivates our work in this article as a stepping stone for future research in this area. A comprehensive survey on the security of UAVs and UAV-based systems can help the research community keep pace with, or even lead the industry. Although there are several reviews on UAVs or related areas, there is no recent survey broadly covering various aspects of security. Moreover, none of the existing surveys highlights current and future trends with a focus on the role of an omnipresent technology such as AI. This article endeavors to overcome these shortcomings. We conduct a comprehensive review on security challenges of UAVs as well as the related security controls. Then we develop a future roadmap for research in this area with a focus on the role of AI. The future roadmap is established based on the identified current trends, under-researched topics, and a future look-ahead.

Enhancing Iris Authentication for Managing Multiple Cancellations: Leveraging Quotient Filters

Biometric authentication methods have become increasingly popular for their ability to offer secure and convenient access control. However, concerns about the privacy and security of biometric data have arisen. In this study, we present a novel approach to address these concerns by proposing a cancellable biometric encryption technique for secure and format-preserving iris authentication. Our method leverages the Quotient Filter data structure to transform encrypted iris templates into cancellable templates while preserving their original format. We carefully select an appropriate format-preserving encryption algorithm for iris templates and design a mapping scheme to achieve cancellability. To assess the effectiveness and performance of our approach, extensive experiments are conducted. The quantitative results indicate the efficiency and efficacy of our cancellable biometric encryption technique using the Quotient Filter. Our innovation, the Iris Authentication for Multiple Cancelled Instances Using a Quotient Filter (IAMCIQF), demonstrates competitive performance across several key metrics. IAMCIQF achieves a high level of security strength and strikes a balance between security and efficiency in terms of key size, encryption and decryption speeds and storage efficiency when compared to other existing techniques. The quantitative outcomes underscore IAMCIQF’s potential as a promising solution for attaining secure and format-preserving iris authentication, addressing critical concerns about biometric data security.

Security Control for a Fuzzy System under Dynamic Protocols and Cyber-Attacks with Engineering Applications

The objective of this study is to design a security control for ensuring the stability of systems, maintaining their state within bounded limits and securing operations. Thus, we enhance the reliability and resilience in control systems for critical infrastructure such as manufacturing, network bandwidth constraints, power grids, and transportation amid increasing cyber-threats. These systems operate as singularly perturbed structures with variables changing at different time scales, leading to complexities such as stiffness and parasitic parameters. To manage these complexities, we integrate type-2 fuzzy logic with Markov jumps in dynamic event-triggered protocols. These protocols handle communications, optimizing network resources and improving security by adjusting triggering thresholds in real-time based on system operational states. Incorporating fractional calculus into control algorithms enhances the modeling of memory properties in physical systems. Numerical studies validate the effectiveness of our proposal, demonstrating a 20% reduction in network load and enhanced stochastic stability under varying conditions and cyber-threats. This innovative proposal enables real-time adaptation to changing conditions and robust handling of uncertainties, setting it apart from traditional control strategies by offering a higher level of reliability and resilience. Our methodology shows potential for broader application in improving critical infrastructure systems.

Dynamic‐memory event‐based asynchronous security control for positive singular semi‐Markov jumping CPSs against multiple cyber‐attacks

AbstractThis paper mainly studies the design of asynchronous controllers for positive singular semi‐Markov jump systems with performance under the dynamic‐memory event‐triggered. The positive singular semi‐Markov jump system model is established for the first time. And the dynamic‐memory event‐triggered transmission protocol is used to reduce network transmission pressure. Then, a unified cyber‐attack framework that includes DoS attacks and spoofing attacks is established. A simple hidden Markovian model (HMM) model is used to describe the asynchronous phenomena between the controller and the system. Considering the situation where all data cannot be accurately obtained in reality, a simple HMM is set as a partially unknown conditional probability matrix. Based on stochastic Lyapunov functional, the stochastically admissible conditions for the closed‐loop systems are obtained. Finally, a numerical example is given to verify the effectiveness of the proposed method.

Based on the Security Control of Pumped Storage Hydropower under Extreme Fault Conditions after Grid Connection

Abstract As an important part of the new energy grid connection, pumped storage hydropower plays an important role in black start, frequency modulation and phase modulation, peak shaving and valley filling, energy storage and accident reserve. In order to ensure the security and stability of the power system under extreme fault conditions after the pumped storage hydropower is connected to the grid, it is particularly important to configure reasonable security and stability control measures. Based on the development status and operation characteristics of pumped storage hydropower stations at home and abroad, considering the need of system security and stability control, this paper takes a pumped storage hydropower station in Southwest China as an example to simulate and analyze the transient characteristics of the pumped storage hydropower after grid connection. In view of the possible extreme fault conditions, a regional security control system is designed, and the configuration, control measures and strategies of the security control device on the pumping side are studied.

Secure and transparent traffic congestion control system for smart city using a federated learning approach

This study addresses the increasing problems of traffic congestion in smart cities by introducing a Secure and Transparent Traffic Congestion Control System using federated learning. Traffic congestion control systems face key issues such as data privacy, security vulnerabilities, and the necessity for joint decision-making. Federated learning, a type of distributed machine learning, is effective because it allows for training models on decentralized data while maintaining data privacy. Furthermore, incorporating blockchain technology improves the system’s security, integrity, and transparency. The proposed system uses federated learning to securely gather and analyze local traffic data from different sources within a smart city without moving sensitive data away from its original location. This method minimizes the risk of data breaches and privacy issues. Blockchain technology creates a permanent, transparent record for monitoring and confirming decisions related to traffic congestion control, thereby promoting trust and accountability. The combination of federated learning's decentralized nature and blockchain's secure, transparent features aids in building a strong traffic management system for smart cities. This research contributes to advancements in smart city technology, potentially improving traffic management and urban living standards. Moreover, tests of the new combined model show a high accuracy rate of 97.78% and a low miss rate of 2.22%, surpassing previous methods. The demonstrated efficiency and adaptability of the model to various smart city environments and its scalability in expanding urban areas are crucial for validating its practical use in real-world settings.

Blockchain Technology for Integrating Electronic Records of Digital Healthcare System

Background: In most healthcare facilities, the shift from paper-based medical records to electronic health records (EHRs) has taken place. However, there are issues with credibility, management, and secure data storage with the existing EHR systems. In the healthcare industry, interoperability and user control over personal data are also major challenges. Block chain technology has become a potent tool that can provide immutability, security, and user control over records that are saved; yet, its potential usage in EHR systems is still not well understood. Objectives: This research attempts to close this knowledge gap by developing an EHR framework that is built on blockchain technology and is compatible with many national and international EHR standards, including HL7 and HIPAA. Methods: In order to investigate the state of the art in the field of EHRs, including blockchain-based EHR implementations, a systematic literature review is the study approach used. Results: The report analyzes numerous national and international EHR standards, identifies the interoperability needs based on these standards, and outlines the interoperability challenges in the current blockchain-based EHR frameworks. Without the requirement for centralized systems, the suggested framework can give the healthcare industry safer ways to exchange health information while also offering the features of immutability, security, and user control over stored records. Conclusion: This work contributes to the understanding of Blockchain technology's potential application in EHR frameworks and offers an interoperable Blockchain-based EHR framework that can meet the requirements outlined in multiple national and international EHR standards.

A Proposal for Model‐Based Systems Engineering Method for Creating Secure Cyber‐Physical Systems

AbstractRising levels of risk as cyber‐attackers look to exploit system vulnerabilities threatens the Air Traffic Control industry. Attacks on Air Navigation Service Providers' communications systems may lead to airspace closure and even cause safety issues. This paper presents a novel Model‐Based Systems Engineering method that enables systems engineers, in collaboration with system security and software engineers, to perform threat‐modeling analysis of cyber‐physical systems early in the system development process and incorporate mitigation strategies into the system design. The proposed model‐based method covers few security concepts, including misuse cases, system assets, threats, risks, vulnerabilities, and security control identification. The study found that the proposed method is suitable for conducting security analysis for complex cyber‐physical systems early in the system development process.

Event-Triggered Adaptive Bipartite Secure Consensus Asymptotic Tracking Control for Nonlinear MASs Subject to DoS Attacks

This paper proposes an adaptive bipartite secure consensus asymptotic tracking control scheme based on event-triggered strategy for the nonlinear multi-agent systems (MASs) under denial-of-service (DoS) attacks. First, by incorporating the concept of shortest path into the hierarchical algorithm, the bipartite consensus control problem in the presence of unbalanced communication topology is successfully addressed. Further, an anti-attack bipartite control strategy by designing the improved forms of the tracking errors and virtual controllers is proposed under DoS attacks. Then, a modified event-triggered mechanism based on the relative threshold strategy is proposed, which can ensure that the bipartite consensus tracking errors converge to zero asymptotically by utilizing the Barbalat’s Lemma. Under the Lyapunov stability theory, it is guaranteed that the outputs of all agents can reach agreement with an identical magnitude but opposite signs and all the signals of the closed-loop MASs are bounded. Finally, the simulation results on the model of damping pendulums are given to verify the efficiency of the proposed secure controller. <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Note to Practitioners</i> —In this paper, the adaptive bipartite secure consensus asymptotic tracking control problem is considered for nonlinear MASs subject to DoS attacks, whose models can describe many critical applications, such as bidirectional formation of unmanned vehicles and robots. The research on the secure tracking control problem will be rather complicated yet challenging if the DoS attacks of the communication channels are taken into account in the insecure complex network environment. In addition, the event-triggered mechanism is used to reduce the usage of communication resources, which makes the proposed control scheme more easier to implement and more friendly for control engineers.

Event-based secure control for cyber-physical systems against false data injection attacks

This paper mainly studies an event-based secure control problem for cyber-physical systems against false data injection (FDI) attacks. First, a dynamic event-triggered transmission protocol is established to schedule the transmitted data from the sensor to the controller. Subsequently, an imperfect FDI attack model is constructed considering the real network environment, which would bypass the traditional residual-based detection methods. To overcome this drawback, an attack detection strategy based on secure history information is designed, which effectively mitigates the negative impact of uncertainty on the detection results. Based on the detection results, an event-based secure linear quadratic Gaussian control scheme is designed, which can guarantee system performance and reduce the communication load effectively. Finally, a simulation experiment verifies that the proposed control method outperforms other algorithms in the literature, and the detection accuracy is increased by 91% to 98%.

Distributed Adaptive Secure Consensus Tracking Control for Asynchronous Switching Nonlinear MASs Under Sensor Attacks and Actuator Faults

A distributed adaptive secure control algorithm is proposed for asynchronous switching nonlinear multi-agent systems (MASs) in pure-feedback form while considering the sensor attacks and actuator faults, which eliminates the effect of attack signals, actuator faults and uncertainties without knowing the sign of the control gain functions. Since the system states measured by the sensors are corrupted by the malicious attacker, only the post-attack system states can be obtained. Thus, an improved coordinate transformation is constructed by using the post-attack system states and a backstepping method based on the improved coordinate transformation is developed to solve the consensus tracking control problem of the researched systems under sensor attacks. The common Lyapunov function is designed to ensure the stability of all asynchronous switching subsystems of each agent. In the end, a simulation example is presented to illustrate the theoretical results’ validity. <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Note to Practitioners</i> —This paper deal with the distributed adaptive secure consensus tracking control problem for asynchronous switching nonlinear MASs, whose models can describe many phenomena in nature such as biological processes, robot team formation and sensor networks. It is extremely challenging to achieve the tracking control problem of the researched asynchronous switching nonlinear system in an unsafe network environment, where the unknown sensor attacks signals, actuator faults coefficients, and randomly switched non-affine nonlinearities exist together for the followers. Furthermore, the control design and stability analysis of the researched system is based on the common Lyapunov approach, which makes the developed approach more engineering oriented.

Review of Authentication Systems based on Electroencephalogram

Traditional authentication methods, such as the use of passwords and fingerprints, are susceptible to the risks of theft, loss, and forgery. However, an innovative and secure alternative exists in the form of electroencephalogram (EEG)-based authentication systems, which operate by measuring distinctive brainwave patterns. This particular review undertakes a comprehensive analysis of the current state of EEG-based authentication, delving into its advantages, challenges, and potential future directions. In doing so, we examine the underlying principles governing the acquisition and processing of EEG signals, explore the various techniques employed for feature extraction and classification, and evaluate the performance of existing systems. Moreover, we emphasize the significant advantages offered by EEG-based authentication, including its exceptional accuracy, capacity for liveness detection, and robust resistance to spoofing attempts. Nevertheless, we must also acknowledge and address the various obstacles that must be overcome to facilitate wider adoption of this authentication method, encompassing concerns relating to hardware affordability, user acceptance, and data privacy. Finally, we outline a series of promising research avenues that can potentially address these challenges and unlock the complete potential of EEG-based authentication, thereby enabling secure and convenient access control across a diverse range of domains.

Statistical privacy protection for secure data access control in cloud

Cloud Service Providers (CSPs) allow data owners to migrate their data to resource-rich and powerful cloud servers and provide access to this data by individual users. Some of this data may be highly sensitive and important and CSPs cannot always be trusted to provide secure access. It is also important for end users to protect their identities against malicious authorities and providers, when they access services and data. Attribute-Based Encryption (ABE) is an end-to-end public key encryption mechanism, which provides secure and reliable fine-grained access control over encrypted data using defined policies and constraints. Since, in ABE, users are identified by their attributes and not by their identities, collecting and analyzing attributes may reveal their identities and violate their anonymity. Towards this end, we define a new anonymity model in the context of ABE. We analyze several existing anonymous ABE schemes and identify their vulnerabilities in user authorization and user anonymity protection. Subsequently, we propose a Privacy-Preserving Access Control Scheme (PACS), which supports multi-authority, anonymizes user identity, and is immune against users collusion attacks, authorities collusion attacks and chosen plaintext attacks. We also propose an extension of PACS, called Statistical Privacy-Preserving Access Control Scheme (SPACS), which supports statistical anonymity even if malicious authorities and providers statistically analyze the attributes. Lastly, we show that the efficiency of our scheme is comparable to other existing schemes. Our analysis show that SPACS can successfully protect against Collision Attacks and Chosen Plaintext Attacks.

Face Recognition Attendance System

Abstract— Face recognition is a biometric technique which involves determining if the image of the face of any given person matches with any of the face images stored in the database. This problem is very difficult to solve automatically due to the changes that various factors, such as facial expression, ageing and even lighting. It is widely used in areas such as security and access control, forensic medicine, police controls and attendance management system. Our Face Recognition Attendance System can utterly eliminate the manual work wherever the attending can now not involve any paperwork. This system will scale back the whole time required for attending marking. The system can acquire individual attending with the assistance of facial recognition to secure information accuracy of the attending. The primary goal of this project is to build a face recognition-based attendance monitoring system for employees working in an organization in order to improve and upgrade the current attendance system to make it more efficient and effective than before. The employee should be in an area containing light so that the detection can be clearly made. Keywords: Face recognition, biometric technique, image matching, database, facial expression, ageing lighting, security, access control, forensic medicine, police controls, attendance management, manual work, paperwork, time reduction, facial recognition, data accuracy.

Dynamic memory-based event-triggered security control for networked control systems subjected to false-injection-data attack

This study addresses the security control problem for networked control systems that are subjected to false-data-injection attacks. The designed controller rests on a dynamic memory-based event-triggered mechanism, which exploits historically transmitted data and an auxiliary term to improve transmission efficiency and ensure satisfactory control performance. Then, a controller that defends against the false-data-injection attacks is proposed by making full use of the historical information. With the aid of Cauchy–Schwarz and Gronwall–Bellman inequalities, the existence of such a controller is validated through a novel Lyapunov-based method, which allows the Lyapunov function to be nonpositive. Further, a test on a dynamic power system is provided to verify the effectiveness and superiority of the proposed method.

Revisiting Past Cyber Security Recommendations: Lessons we Have Failed to Learn

Cyber-security is constantly evolving as new technologies introduce new vulnerabilities and threat actors constantly develop new techniques to penetrate systems. Much focus in scholarship is on the cyber-offense, while few analyse changes in the cyber-defence posture. Since its inception, defensive information security has evolved and introduced a plethora of new security controls to either prevent, detect, mitigate, or respond to new cyber-attacks. When studying cyber-incidents, a paradox becomes apparent: often, low-end security fails are responsible for most breaches, such as default system configurations and credentials or violations of the principle of least privileges. Even security sensitive organisations such as the US DoD or IT companies suffer from this paradox, as a recent NSA/CISA report indicates: large sums are spent on high-end security programs only to be compromised by low-end attacks. This paradox becomes even more pronounced when introducing a longitudinal historical perspective: many of these issues have been known for decades, as reports from the 1970s show. These include inadequate hardware and software not designed with security in mind, the issue of managing resource access controls in a multi-user environment that includes remote terminals (aka a cloud infrastructure), malicious insider threats that bypass security controls, as well as the issue of applying timely software patches. In sum: while the IT security industry is rushing to introduce new high-level security controls and technologies, the main issues seem to be age-old problems and the failure to learn lessons from the past, warranting a historical approach. In this paper, the origin of security controls is examined, shedding light on relevant best practices, recommendations and why they emerged. Starting in the 1960s, we analyse the emerging technologies of each subsequent decade, explore what changes in IT-security controls these new technologies necessitated, and how IT and later cyber-security changed over the years. Furthermore, reference is made to the aftermath of selected cyber-attacks to further highlight is analysed to explore potential shifts in security paradigms beyond those introduced by technology itself.

GDPR compliance via software evolution: Weaving security controls in software design

Software should comply with international privacy laws, like the General Data Protection Regulation (GDPR). However, implementing appropriate technical controls is often an error-prone and time-consuming process. This is partly due to the limited knowledge of software engineers about privacy and security. This paper proposes SoCo, a semi-automated approach to support organizations in achieving software compliance with the GDPR data protection principles. To do so, SoCo supports engineers in identifying and integrating appropriate technical controls in sequence diagrams during the design phase. SoCo includes a technique to assist engineers to identify data processing activities in software applications modeled as sequence diagrams that may need to comply with the GDPR, a catalog of privacy and security controls that engineers can use to fix non-compliant activities, and a technique to implement such controls in the non-compliant sequence diagrams. Our evaluation results show that SoCo can help software engineers identify and design appropriate security controls to address GDPR violations and required moderate manual effort when applied to a substantive open-source application.Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.

Digital twin technology for enhanced smart grid performance: integrating sustainability, security, and efficiency

This research paper presents the development and analysis of a multifaceted smart grid prototype. It combines various technologies for the smart grid operation. The first technology is environmental analysis of smart grid and solar panel cleaning. Secondly, radio-frequency identification (RFID)-based security and access control system has been integrated for smart grid. The third component is internet of things (IoT)-based energy monitoring and load management. For environmental analysis sensors such as temperature, humidity, light-dependent resistor, and flame sensors are connected to a NodeMCU controller for real time monitoring. Moreover, IoT based solar cleaning system is developed in the form of prototype with the help of Blynk and servo motor. The second component of prototype is smart security system which is developed with the help of Arduino and RFID module to facilitate secure access control. The third part of prototype employs voltage and current sensors with an ESP32 microcontroller and the Blynk application for real-time energy consumption analysis. This setup enables remote monitoring of voltage, power dynamics, and consumption patterns in a smart grid. It also offers an IoT based solution for load management and load shedding within the smart grid. The complete prototype overall demonstrates a comprehensive approach to 1) smart grid management, 2) environmental analysis, 3) security, and 4) energy monitoring.